InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F10511E1F9516C086BB20E3D5EB431D6,SHA256=47188621270680F6ED71487376016AAED6A5FC7F70B18A5AC72C604A2755FA8DtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020912Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.379{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020911Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.379{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\dhcpcsvc.dll10.0.14393.5427 (rs1_release.220929-2054)DHCP Client ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc.dllMD5=042BC1A44912D2421330C30291BC7AA1,SHA256=FBE69152BD0294AC80715FA35B0F8DE59A29DBE9DFC5E5041CB8AA6BB8B790DEtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020910Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.379{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\dhcpcsvc6.dll10.0.14393.5427 (rs1_release.220929-2054)DHCPv6 ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc6.dllMD5=398C0C74B6EAB81F28413187CB31C3FC,SHA256=FDC3478B768C9666A82CFA7B5F78EB846F9C466C0FB9A3CE26B3E865A605BBF9trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020909Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.379{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\nsi.dll10.0.14393.3297 
(rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020908Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.379{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020907Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.241{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\accessibilitycpl.dll10.0.14393.0 (rs1_release.160715-1616)Ease of access control panelMicrosoft® Windows® Operating SystemMicrosoft CorporationAccessibilityCpl.DLLMD5=EFEC02DA10B4B0AF131AB8A020A8F6F0,SHA256=F2842C943AEC2928EC04A42C4B43E6BC1718DAC04FC6A56E7A9D2FC2C62F4565trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020874Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.210{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\BFE.DLL10.0.14393.4770 (rs1_release.211101-1440)Base Filtering EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationBFE.DLLMD5=94AD1E243D4A769B22A5077A969A5474,SHA256=7AA73B04BC133C6AD9F664C4821D1DA5B4727D48A3D3D846C4C5D8AD6BF79790trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020850Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 
19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\Tasks\vcruntime140.dll14.32.31332.0Microsoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=7961263963841010A049265956B14666,SHA256=72B92683052E0C813890CAF7B4F8BFD331A8B2AFC324DD545D46138F677178C4false-UnavailableAR-WIN-2\Administrator 734700x800000000000000062020849Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020847Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\vcruntime140_1.dll14.36.32532.0Microsoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=CF0A1C4776FFE23ADA5E570FC36E39FE,SHA256=6FD366A691ED68430BCD0A3DE3D8D19A0CB2102952BFC140BBEF4354ED082C47trueMicrosoft Windows Software Compatibility PublisherValidAR-WIN-2\Administrator 734700x800000000000000062020846Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\msvcp140.dll14.36.32532.0Microsoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=1BA6D1CF0508775096F9E121A24E5863,SHA256=74892D9B4028C05DEBAF0B9B5D9DC6D22F7956FA7D7EEE00C681318C26792823trueMicrosoft Windows Software Compatibility PublisherValidAR-WIN-2\Administrator 
734700x800000000000000062020845Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FADtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020844Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020843Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\combase.dll10.0.14393.6078 (rs1_release.230626-1747)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=F9EDC9CB2A58E142D883CAF72E482EA8,SHA256=2311C7D52C94FB9B629EE099A2ACE83831B2AA929B12198672B4867415C3294BtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020842Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ole32.dll10.0.14393.5921 (rs1_release.230504-1649)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLE32.DLLMD5=1C80DF5BE5EB7D7C5BD475E21C760641,SHA256=A49D93F30BDEDD35F15D40542FF1AD008149137AED49055C829F0399149B1747trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020841Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\rpcrt4.dll10.0.14393.6167 (rs1_release.230802-0927)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=9CB074F67D34F00CAECD38A2935CF71B,SHA256=1B5C3BCAC11AD27DFEE3A4B8B30132541C9B3E206BDADCAFE3D3C4A6CC281E69trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020840Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\sechost.dll10.0.14393.6167 (rs1_release.230802-0927)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=68B7F724518D088533E1ECD2868469EA,SHA256=3EA1762B7BB09A4BE157469452F420ECCE75887186BEB173C5EB7B3C02C99AF2trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020839Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020838Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.194{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\advapi32.dll10.0.14393.6167 (rs1_release.230802-0927)Advanced Windows 
32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=93872F14A5CE7F5FB4A60685A962A941,SHA256=4DAD9B17C90EE442227E8F8C7BAFF70241FA40A19DF7BB3ADF0D876383BD10F2trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020837Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\gdi32full.dll10.0.14393.6167 (rs1_release.230802-0927)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=2171417AEEF8D2B301D4ECBA66BC99E9,SHA256=9DE7669D7A820B46C4862471D823A1B98D08E3D81C46527A8C3AFD34B8646751trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020836Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020835Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\win32u.dll10.0.14393.51 (rs1_release_inmarket.160801-1836)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=0482CFC6D06935953519340A0D360329,SHA256=7AB410C10BE2A2C3D46BCCD878D398DFFBF2116D1AB8A5106CBBE1F9D06931E3trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020834Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User 
Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020832Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\KernelBase.dll10.0.14393.5850 (rs1_release.230329-2152)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0821162212E6D706CCB76E45AD94370A,SHA256=041AD87687BC67529D09E3115DFA3FD2617FC341E50223AD3F13226F0C087B74trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020831Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\kernel32.dll10.0.14393.5786 (rs1_release.230308-2129)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=6106351FEF2322985DB428C333E087B6,SHA256=0C75568B56CBA20B5C8322FB6A721683245DD950F720A252B0BA804E0734B335trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020830Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ntdll.dll10.0.14393.5980 (rs1_release.230508-1729)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=86AEB760D9EF98E8AA602A5AC674A1E6,SHA256=A26B7BB6EE89FA07DAAB28D8CA8206BA88BA2419AB01514DF1FC0B8CF0EFB4EDtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062020829Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 
19:36:43.179{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exeC:\Windows\Tasks\sqlwriter.exe2019.0150.2000.05 ((SQLServer).190924-2033)SQL Server VSS Writer - 64 BitMicrosoft SQL ServerMicrosoft CorporationSQLWRITER.EXEMD5=8550A0DE5B61A8F81A16AA3BDCDEF446,SHA256=43717DE020DB8E3201795E73C05398F3478CE07178C1BCB4E569307AF19A6F72trueMicrosoft CorporationValidAR-WIN-2\Administrator 154100x800000000000000062020826Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:36:43.190{6B7A8EA0-D24B-6601-A6E6-030000000F03}6984C:\Windows\Tasks\sqlwriter.exe2019.0150.2000.05 ((SQLServer).190924-2033)SQL Server VSS Writer - 64 BitMicrosoft SQL ServerMicrosoft CorporationSQLWRITER.EXEc:\windows\Tasks\sqlwriter.exeC:\Users\Administrator\Desktop\AR-WIN-2\Administrator{6B7A8EA0-03BF-65D6-E7CF-060000000000}0x6cfe72HighMD5=8550A0DE5B61A8F81A16AA3BDCDEF446,SHA256=43717DE020DB8E3201795E73C05398F3478CE07178C1BCB4E569307AF19A6F72{6B7A8EA0-CE9D-6601-2BE6-030000000F03}7152C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-2\Administrator 734700x800000000000000062018489Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.352{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\vcruntime140_1.dll14.36.32532.0Microsoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=CF0A1C4776FFE23ADA5E570FC36E39FE,SHA256=6FD366A691ED68430BCD0A3DE3D8D19A0CB2102952BFC140BBEF4354ED082C47trueMicrosoft Windows Software Compatibility PublisherValidAR-WIN-2\Administrator 734700x800000000000000062018483Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.368{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018459Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.352{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\msvcp140.dll14.36.32532.0Microsoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=1BA6D1CF0508775096F9E121A24E5863,SHA256=74892D9B4028C05DEBAF0B9B5D9DC6D22F7956FA7D7EEE00C681318C26792823trueMicrosoft Windows Software Compatibility PublisherValidAR-WIN-2\Administrator 734700x800000000000000062018441Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.352{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018439Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\vcruntime140.dll14.36.32532.0Microsoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=49C96CECDA5C6C660A107D378FDFC3D4,SHA256=69320F278D90EFAAEB67E2A1B55E5B0543883125834C812C8D9C39676E0494FCtrueMicrosoft Windows Software Compatibility PublisherValidAR-WIN-2\Administrator 734700x800000000000000062018438Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 
(rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FADtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018437Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018436Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\combase.dll10.0.14393.6078 (rs1_release.230626-1747)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=F9EDC9CB2A58E142D883CAF72E482EA8,SHA256=2311C7D52C94FB9B629EE099A2ACE83831B2AA929B12198672B4867415C3294BtrueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018435Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ole32.dll10.0.14393.5921 (rs1_release.230504-1649)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=1C80DF5BE5EB7D7C5BD475E21C760641,SHA256=A49D93F30BDEDD35F15D40542FF1AD008149137AED49055C829F0399149B1747trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018434Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 
19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\rpcrt4.dll10.0.14393.6167 (rs1_release.230802-0927)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=9CB074F67D34F00CAECD38A2935CF71B,SHA256=1B5C3BCAC11AD27DFEE3A4B8B30132541C9B3E206BDADCAFE3D3C4A6CC281E69trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018433Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\sechost.dll10.0.14393.6167 (rs1_release.230802-0927)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=68B7F724518D088533E1ECD2868469EA,SHA256=3EA1762B7BB09A4BE157469452F420ECCE75887186BEB173C5EB7B3C02C99AF2trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018432Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018431Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\advapi32.dll10.0.14393.6167 (rs1_release.230802-0927)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=93872F14A5CE7F5FB4A60685A962A941,SHA256=4DAD9B17C90EE442227E8F8C7BAFF70241FA40A19DF7BB3ADF0D876383BD10F2trueMicrosoft WindowsValidAR-WIN-2\Administrator 
734700x800000000000000062018430Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\gdi32full.dll10.0.14393.6167 (rs1_release.230802-0927)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=2171417AEEF8D2B301D4ECBA66BC99E9,SHA256=9DE7669D7A820B46C4862471D823A1B98D08E3D81C46527A8C3AFD34B8646751trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018429Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018423Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\win32u.dll10.0.14393.51 (rs1_release_inmarket.160801-1836)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=0482CFC6D06935953519340A0D360329,SHA256=7AB410C10BE2A2C3D46BCCD878D398DFFBF2116D1AB8A5106CBBE1F9D06931E3trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018415Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft 
WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018410Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\Tasks\sqlwriter.exe2019.0150.2000.05 ((SQLServer).190924-2033)SQL Server VSS Writer - 64 BitMicrosoft SQL ServerMicrosoft CorporationSQLWRITER.EXEMD5=8550A0DE5B61A8F81A16AA3BDCDEF446,SHA256=43717DE020DB8E3201795E73C05398F3478CE07178C1BCB4E569307AF19A6F72trueMicrosoft CorporationValidAR-WIN-2\Administrator 734700x800000000000000062018402Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018400Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\KernelBase.dll10.0.14393.5850 (rs1_release.230329-2152)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0821162212E6D706CCB76E45AD94370A,SHA256=041AD87687BC67529D09E3115DFA3FD2617FC341E50223AD3F13226F0C087B74trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018399Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\kernel32.dll10.0.14393.5786 (rs1_release.230308-2129)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=6106351FEF2322985DB428C333E087B6,SHA256=0C75568B56CBA20B5C8322FB6A721683245DD950F720A252B0BA804E0734B335trueMicrosoft WindowsValidAR-WIN-2\Administrator 734700x800000000000000062018397Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.336{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exeC:\Windows\System32\ntdll.dll10.0.14393.5980 (rs1_release.230508-1729)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=86AEB760D9EF98E8AA602A5AC674A1E6,SHA256=A26B7BB6EE89FA07DAAB28D8CA8206BA88BA2419AB01514DF1FC0B8CF0EFB4EDtrueMicrosoft WindowsValidAR-WIN-2\Administrator 154100x800000000000000062018394Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-03-25 19:33:15.334{6B7A8EA0-D17B-6601-95E6-030000000F03}4468C:\Windows\Tasks\sqlwriter.exe2019.0150.2000.05 ((SQLServer).190924-2033)SQL Server VSS Writer - 64 BitMicrosoft SQL ServerMicrosoft CorporationSQLWRITER.EXEc:\windows\Tasks\sqlwriter.exeC:\Users\Administrator\Desktop\AR-WIN-2\Administrator{6B7A8EA0-03BF-65D6-E7CF-060000000000}0x6cfe72HighMD5=8550A0DE5B61A8F81A16AA3BDCDEF446,SHA256=43717DE020DB8E3201795E73C05398F3478CE07178C1BCB4E569307AF19A6F72{6B7A8EA0-CE9D-6601-2BE6-030000000F03}7152C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-2\Administrator