23542300x800000000000000060272Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:38.599{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E053C75A3972766780D81FB0B9210FF2,SHA256=B1B5362778903D26DD63C6C44EF9D427C58F499F34520EA98A1A0180291F74C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037837Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:38.003{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0539976450EBB909F60B3C750791F33D,SHA256=9F0CAD122B66231AE53EEA335DCD050762EE1785AE3C52A1AE4DA41DA0880C0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060273Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:39.615{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5B2870E4C83FDBA21CF95E9AFE7FC72,SHA256=6EAB3E7D4FA6607581C55E7D3B7AAE3FF609DE41689C6B4E1B7E4F9398103740,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000037851Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DD-60AD-2B00-00000000C601}28962916C:\Windows\system32\conhost.exe{266C2353-0027-60AE-4802-00000000C601}1532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037850Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037849Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037848Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037847Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037846Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037845Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037844Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037843Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037842Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037841Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DA-60AD-0500-00000000C601}404420C:\Windows\system32\csrss.exe{266C2353-0027-60AE-4802-00000000C601}1532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000037840Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.988{266C2353-F0DC-60AD-2300-00000000C601}21123860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{266C2353-0027-60AE-4802-00000000C601}1532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000037839Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.989{266C2353-0027-60AE-4802-00000000C601}1532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{266C2353-F0DA-60AD-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000037838Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:39.113{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2647DF12A755B18F08F107B385A1A596,SHA256=82989BEC29968A513FA04261E1DA8F9E16BF7C727CE5230E77E7D1821A779F6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060274Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:40.631{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EA87B20C31E0164B779242629290B56,SHA256=77CC334DE4905518820F752A178AF6C3B9DD4D21F67DB457F8A39CF97EEDB32C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000037867Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.816{266C2353-0028-60AE-4902-00000000C601}35523660C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037866Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DD-60AD-2B00-00000000C601}28962916C:\Windows\system32\conhost.exe{266C2353-0028-60AE-4902-00000000C601}3552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037865Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037864Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037863Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037862Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037861Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037860Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037859Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037858Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037857Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037856Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DA-60AD-0500-00000000C601}404420C:\Windows\system32\csrss.exe{266C2353-0028-60AE-4902-00000000C601}3552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000037855Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.660{266C2353-F0DC-60AD-2300-00000000C601}21123860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{266C2353-0028-60AE-4902-00000000C601}3552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000037854Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.661{266C2353-0028-60AE-4902-00000000C601}3552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{266C2353-F0DA-60AD-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000037853Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.253{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D087DAB7F186B56D740EA8D608D54B8,SHA256=A3C68CFE0D65C1A53CB9735D623D857F13B50733E240CF8B67C6DBD2FD5CB9DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000037852Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:40.175{266C2353-0027-60AE-4802-00000000C601}15322960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060284Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.849{7CDEDE96-0029-60AE-7302-00000000C501}11806068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060283Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.724{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D323C7AB209E0E19EF2E5D988CD15F40,SHA256=B02E7C1ACA1DBFB631AD6FF81E4DF41A764CBFE979D6848F3FDB326305CA205A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000037883Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.504{266C2353-0029-60AE-4A02-00000000C601}1056600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037882Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DD-60AD-2B00-00000000C601}28962916C:\Windows\system32\conhost.exe{266C2353-0029-60AE-4A02-00000000C601}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037881Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037880Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037879Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037878Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037877Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037876Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037875Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037874Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037873Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037872Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DA-60AD-0500-00000000C601}404524C:\Windows\system32\csrss.exe{266C2353-0029-60AE-4A02-00000000C601}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000037871Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-F0DC-60AD-2300-00000000C601}21123860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{266C2353-0029-60AE-4A02-00000000C601}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000037870Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.333{266C2353-0029-60AE-4A02-00000000C601}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{266C2353-F0DA-60AD-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000037869Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.316{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC38831FA05F6A2681A3D8795C255B77,SHA256=620701B7C433CC25EE756B13BF787A77FFD751C3371C97A567483D46A619DBE4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060282Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-0029-60AE-7302-00000000C501}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060281Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060280Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060279Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060278Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060277Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0CE-60AD-0500-00000000C501}416432C:\Windows\system32\csrss.exe{7CDEDE96-0029-60AE-7302-00000000C501}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060276Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.505{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-0029-60AE-7302-00000000C501}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060275Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:41.506{7CDEDE96-0029-60AE-7302-00000000C501}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000037868Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.003{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8505FBDBC3BA89CD3E2127BCADC01672,SHA256=B5E1B342BC6C0BB550583D3D6596D58E596EC0A60550B053E2DC5D588FDE5E20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037885Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:42.507{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=953D648B61EBAFC59273195BF80254A6,SHA256=6B2B93E2DE4FAE4D91C7D11CE0E641B6A941DEECF8A0F9FB909245A4E8E906DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037884Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:42.363{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31126593FB4C2085D75800C95AD0B6B9,SHA256=664CF52C6BC4F795C29F9B221D70A5DCC71D9B9BABA1FB2A027CAB1107B85831,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060295Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.742{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D18C594B700427067965EBE8958A8168,SHA256=BAD2FE1B2D10C068D257392CCDC44BD05D594DD1791B411EB3C947566F8841A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060294Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.554{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8FFA4E319EB92D06A5F96A6265B06C4,SHA256=480D8E651A8C6DB1F86FCBC617CAB4AE6DAE10D5B2C8755539BDDE36B88BC559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060293Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.554{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E0AD2757FF8236FBBCAC75862D3270C8,SHA256=EF6A4F2D0839C193EE7AE076A3DC1067C526E394A375A5EDCEBBE9E03769251F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060292Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-002A-60AE-7402-00000000C501}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060291Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060290Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060289Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060288Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060287Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0CE-60AD-0500-00000000C501}416432C:\Windows\system32\csrss.exe{7CDEDE96-002A-60AE-7402-00000000C501}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060286Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.037{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-002A-60AE-7402-00000000C501}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060285Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:42.038{7CDEDE96-002A-60AE-7402-00000000C501}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000060305Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-002B-60AE-7502-00000000C501}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060304Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060303Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060302Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060301Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060300Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0CE-60AD-0500-00000000C501}416532C:\Windows\system32\csrss.exe{7CDEDE96-002B-60AE-7502-00000000C501}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060299Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.898{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-002B-60AE-7502-00000000C501}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060298Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.899{7CDEDE96-002B-60AE-7502-00000000C501}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000060297Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:40.256{7CDEDE96-F0EC-60AD-6C00-00000000C501}3820C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-141.attackrange.local50929-false10.0.1.12-8000- 23542300x800000000000000060296Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.773{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3886C74F9AFD517ED79FFFD28357DAF1,SHA256=B4E337647A7D77A40238FB0F6F9E864514AAA0F62D16C3D15C7C83B0577A99A0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000037900Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:41.286{266C2353-F0E6-60AD-6400-00000000C601}3848C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-267.attackrange.local50513-false10.0.1.12-8000- 23542300x800000000000000037899Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.460{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F3B70F8766F87C0BEF3326F0FE0ABE5,SHA256=A47AFD6F19FDE8EA09C7AD14452602C8167A4CC48400D778FC73A8979DE4C47D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000037898Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DD-60AD-2B00-00000000C601}28962916C:\Windows\system32\conhost.exe{266C2353-002B-60AE-4B02-00000000C601}888C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037897Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037896Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037895Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037894Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037893Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037892Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037891Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037890Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037889Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0C00-00000000C601}7203432C:\Windows\system32\svchost.exe{266C2353-F0DC-60AD-2200-00000000C601}1740C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000037888Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DA-60AD-0500-00000000C601}404420C:\Windows\system32\csrss.exe{266C2353-002B-60AE-4B02-00000000C601}888C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000037887Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.413{266C2353-F0DC-60AD-2300-00000000C601}21123860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{266C2353-002B-60AE-4B02-00000000C601}888C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000037886Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:43.414{266C2353-002B-60AE-4B02-00000000C601}888C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{266C2353-F0DA-60AD-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000060306Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:44.882{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C9AF0D4237340051AA2EEF401574A18,SHA256=00D533B1668C93809A32EC851EAFA0CAA7D132B8FABB6BB22A4ACE4750ED5F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037902Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:44.648{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5DDA27E326CF02390A8D106717E28290,SHA256=DFD31CD6CBA5C5BD5F12E0F10C13224B6A2A0FF8C231BA9598890A4B67F04538,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037901Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:44.460{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E0D61ECA74292A93C5CEAAC944D744F,SHA256=E03514388735CBF53DE1949F8763DE8FE4AB618A034D830D8683779123E3275B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060318Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.055{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local50930-true0:0:0:0:0:0:0:1win-dc-141.attackrange.local389ldap 354300x800000000000000060317Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:43.055{7CDEDE96-F0E1-60AD-2D00-00000000C501}2484C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local50930-true0:0:0:0:0:0:0:1win-dc-141.attackrange.local389ldap 23542300x800000000000000060316Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.898{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07A4331327E47135DD755268A876B1E6,SHA256=0164EB037E33625D5ED5DAAC3D38BC41927B3FE729B89EDDFB1AAF7EFC1FEBC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037903Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:45.476{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A90F47F626B2A4B54F3FE5C3A04B4C2,SHA256=1B7831A5187DB9FB7BFDA1C19A9086BA972883F3974352F68E962E77174FD900,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060315Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-002D-60AE-7602-00000000C501}6056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060314Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060313Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060312Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060311Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060310Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0CE-60AD-0500-00000000C501}416532C:\Windows\system32\csrss.exe{7CDEDE96-002D-60AE-7602-00000000C501}6056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060309Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-002D-60AE-7602-00000000C501}6056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060308Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.836{7CDEDE96-002D-60AE-7602-00000000C501}6056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000060307Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:45.132{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8FFA4E319EB92D06A5F96A6265B06C4,SHA256=480D8E651A8C6DB1F86FCBC617CAB4AE6DAE10D5B2C8755539BDDE36B88BC559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037904Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:46.570{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FA161E265813F091AD2A12D4D831D9D,SHA256=9559CCBA0C5190CC780D991D8AB7D3BC0389E490228A490C239B549150C207D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060329Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.867{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB8F18A683F86B203F05FF070C2D4B2A,SHA256=8E1806E32D50ED88BDEFCEDDEBAC4F25DC6CA8A11DBBC92E0B92C5274C4B235B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060328Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.695{7CDEDE96-002E-60AE-7702-00000000C501}52566084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060327Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-002E-60AE-7702-00000000C501}5256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060326Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060325Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060324Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060323Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060322Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0CE-60AD-0500-00000000C501}416412C:\Windows\system32\csrss.exe{7CDEDE96-002E-60AE-7702-00000000C501}5256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060321Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.507{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-002E-60AE-7702-00000000C501}5256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060320Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.508{7CDEDE96-002E-60AE-7702-00000000C501}5256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000060319Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.117{7CDEDE96-002D-60AE-7602-00000000C501}60563660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000037906Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:47.867{266C2353-F0DC-60AD-2300-00000000C601}2112NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2F1724F00759EE4F880E718B76065E77,SHA256=4BB0DE52B6B503EDAC96D87342AEC7B93BB8D12747B22ABA0AD4EE535930269B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037905Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:47.585{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5855DC18BA49C250200AF4EC13FF351,SHA256=E804529D560B46031475E4FA8A7119BA440FA248B26159279A6B4814EFE64F04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060339Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.273{7CDEDE96-002F-60AE-7802-00000000C501}15086076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060338Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-002F-60AE-7802-00000000C501}1508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060337Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060336Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060335Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060334Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060333Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0CE-60AD-0500-00000000C501}416432C:\Windows\system32\csrss.exe{7CDEDE96-002F-60AE-7802-00000000C501}1508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060332Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.070{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-002F-60AE-7802-00000000C501}1508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060331Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.071{7CDEDE96-002F-60AE-7802-00000000C501}1508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000060330Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:47.023{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=887B0DA8E5A434A2A234B0F390D6E8C3,SHA256=922AF49F3581BCC981B9690D0660D8011F5AD9DDA39997993D0D938156E43577,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037907Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:48.820{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=302195B522450E300DFC569539E2EAB8,SHA256=BE3BF23895CB8C3E5042D8577EB12963321CE3A50BCFEBAEF1F6969E119A0D88,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060349Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0E2-60AD-3700-00000000C501}34003420C:\Windows\system32\conhost.exe{7CDEDE96-0030-60AE-7902-00000000C501}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060348Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060347Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060346Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060345Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060344Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0CE-60AD-0500-00000000C501}416532C:\Windows\system32\csrss.exe{7CDEDE96-0030-60AE-7902-00000000C501}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060343Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.695{7CDEDE96-F0E1-60AD-3000-00000000C501}22403476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7CDEDE96-0030-60AE-7902-00000000C501}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060342Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.696{7CDEDE96-0030-60AE-7902-00000000C501}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7CDEDE96-F0CF-60AD-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{7CDEDE96-F0E1-60AD-3000-00000000C501}2240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000060341Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.148{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F60D98791B937C436465CCA61BE1964,SHA256=AF80D12E6EE444CCCEEC08DF43490EF64545D6C5600A3C84CD5934CA048BEED8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060340Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:48.070{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E6D8D70CEE70D195F1E4E46A7990800,SHA256=F51C6FC1D698DDDB01C38D26F5A84409790A168469CA64FB8CEF286F32FBC53F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037908Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:49.835{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9931E10DCD3F6D7F8221AE374198F27,SHA256=C4825C2BFEB17FB8ACC5D3AF5B97A0D5FCEFE24C3A6BAF5BD0B444B14B76B2E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060352Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.711{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78152CF3D5F9AF1DE260F4BD94BF3214,SHA256=512F97FDA2796A427B7A449BDD15DDCDF355E19628A031A7063F80B6B573D419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060351Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.164{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E3AEBC6F7644ABC9820C25CB433FC26,SHA256=BAD7E2AE23C0C3E1575EB89F677CF249EB85741CFAEC91E110329566770C876B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060350Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:46.259{7CDEDE96-F0EC-60AD-6C00-00000000C501}3820C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-141.attackrange.local50931-false10.0.1.12-8000- 23542300x800000000000000037910Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:50.851{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53C5EB968C49F51F781357CE00237089,SHA256=9A0FCF9FEA51123CCF66F7EF7636B7BC0B4A756BAA4551005CD18A8C2BB6FF7B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000060356Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-SetValue2021-05-26 08:00:50.836{7CDEDE96-F0E1-60AD-2F00-00000000C501}2504C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\D370F6FF-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_D370F6FF-0000-0000-0000-100000000000.XML 13241300x800000000000000060355Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-SetValue2021-05-26 08:00:50.836{7CDEDE96-F0E1-60AD-2F00-00000000C501}2504C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\30D2AA0C-2752-4015-BD52-B163B3999E1B\Config SourceDWORD (0x00000001) 13241300x800000000000000060354Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-SetValue2021-05-26 08:00:50.836{7CDEDE96-F0E1-60AD-2F00-00000000C501}2504C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\30D2AA0C-2752-4015-BD52-B163B3999E1B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_30D2AA0C-2752-4015-BD52-B163B3999E1B.XML 23542300x800000000000000060353Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:50.179{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68B51544A39385F460EE3620CD9D6728,SHA256=A090DC84D1845814C318DD8CB67F54BCDDF657BCE852C7D5315DC8328F72BD12,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000037909Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:47.023{266C2353-F0DC-60AD-2300-00000000C601}2112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-267.attackrange.local50514-false10.0.1.12-8089- 23542300x800000000000000037912Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:51.867{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3ABB09100EDBE5DC0AD424CCB836E96,SHA256=0CAC54B0F4083B1A10898C755E6EEFD8042FCC94A3B0F3AE06E4823DD93F7CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060358Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:51.867{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28C005300363305A622CDA38012F0F34,SHA256=F39F628D2EAE9283A97C4CAF040B1BEA221AB9EAEF9F492B955B7E778EE5F75A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060357Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:51.195{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50F310F5B29410927904F43386804CEF,SHA256=FD801B82B1ED831F816E7D061708B7CA695C68F4B1EB857CF5D58C70BD6CE38E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000037911Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:47.181{266C2353-F0E6-60AD-6400-00000000C601}3848C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-267.attackrange.local50515-false10.0.1.12-8000- 23542300x800000000000000037913Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:52.898{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A480022E1F99C6B047E3050FE7C3EA7,SHA256=364E31BA6FBAE3C85CF958B2F93910F69710582BC0B6AC7810EBCF88C80C274E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060364Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:52.367{7CDEDE96-F8F2-60AD-8901-00000000C501}19404224C:\Windows\system32\taskhostw.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000060363Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.970{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50933-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local389ldap 354300x800000000000000060362Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.970{7CDEDE96-F0E1-60AD-2F00-00000000C501}2504C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50933-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local389ldap 354300x800000000000000060361Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.947{7CDEDE96-F0D1-60AD-0D00-00000000C501}892C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50932-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local135epmap 354300x800000000000000060360Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.947{7CDEDE96-F0E1-60AD-2F00-00000000C501}2504C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50932-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local135epmap 23542300x800000000000000060359Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:52.226{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA685CD8075036FE4F353ED3A8BB80D4,SHA256=13EEA1B23E1336D707EC6FDFD249AD97E1B65F4B096677FDEC9615D295F99931,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060374Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.773{7CDEDE96-F0D1-60AD-1600-00000000C501}13242480C:\Windows\system32\svchost.exe{7CDEDE96-0035-60AE-7A02-00000000C501}2456C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060373Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.773{7CDEDE96-F0D1-60AD-1600-00000000C501}13241376C:\Windows\system32\svchost.exe{7CDEDE96-0035-60AE-7A02-00000000C501}2456C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060372Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.757{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-0035-60AE-7A02-00000000C501}2456C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060371Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.757{7CDEDE96-F8F0-60AD-7E01-00000000C501}13361996C:\Windows\system32\csrss.exe{7CDEDE96-0035-60AE-7A02-00000000C501}2456C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060370Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.757{7CDEDE96-F0CE-60AD-0500-00000000C501}416532C:\Windows\system32\csrss.exe{7CDEDE96-0035-60AE-7A02-00000000C501}2456C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060369Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.757{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-0035-60AE-7A02-00000000C501}2456C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000060368Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.979{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50934-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local389ldap 354300x800000000000000060367Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:49.979{7CDEDE96-F0E1-60AD-2F00-00000000C501}2504C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50934-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local389ldap 23542300x800000000000000060366Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.257{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBCE36AF9CC8580EC55652991D0AD1C1,SHA256=2BA76EF4D6111C8B28C680970D2B5CF041A79CA20C8829BFF2CCB3438EE7777B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060365Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:53.242{7CDEDE96-F8F2-60AD-8901-00000000C501}19404224C:\Windows\system32\taskhostw.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000037914Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:54.039{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6472E76E1A026E1C6A5955F1F28F48F3,SHA256=502FC52D1E592B7F0FB3530B5D5119186AF0AD2335CBE277C2301CBB25ADA392,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060380Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.929{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060379Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.929{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060378Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.929{7CDEDE96-F0CF-60AD-0B00-00000000C501}632684C:\Windows\system32\lsass.exe{7CDEDE96-F0CF-60AD-0A00-00000000C501}624C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060377Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.757{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B69CBC1190B7995B67059D604AA9DBA,SHA256=2611CE04E4297AFF24BA709FC98A43A21A330155413B4C0B338D2D0BC729E438,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060376Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:51.351{7CDEDE96-F0EC-60AD-6C00-00000000C501}3820C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-141.attackrange.local50935-false10.0.1.12-8000- 23542300x800000000000000060375Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.273{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84E56E883B2B1608836912AF98F709B1,SHA256=4B1262BC458F487FEF860FDA81C259DBC09BF9B1890A879DF7476E7FE1585660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060383Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.960{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A8659CD6E85A1A813D5982529E909902,SHA256=73291507093BE6AA3FF0469D71BCACA779233C9E2FE9AA5E1331E5F091F71F84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060382Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.960{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=BFEDBE30AA1C1EF3C685EF7BB38023EE,SHA256=4D3C1AA85BC3B5063EC4252D3AB2B2B0C97AA5193A9EBC3C14C5F2BC569E30E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060381Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.289{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58AF9D132631834FC289A887680D186A,SHA256=97488A124BC6071BC9555895B7656F36166423C96DB7AA58A03827EB78C9B10C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000037916Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:52.367{266C2353-F0E6-60AD-6400-00000000C601}3848C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-267.attackrange.local50516-false10.0.1.12-8000- 23542300x800000000000000037915Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:55.054{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A191DE6890BC04FAB9106674B66E4B5,SHA256=AEB448EEA0643C86A55906D5FD8EAFB9F5C92560A35E7C4D2D3AD82D5DF6342A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060389Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:56.726{7CDEDE96-F0CF-60AD-0B00-00000000C501}632684C:\Windows\system32\lsass.exe{7CDEDE96-F0B3-60AD-0100-00000000C501}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x800000000000000060388Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.069{7CDEDE96-F0D1-60AD-1400-00000000C501}1084C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-141.attackrange.local50936-false93.184.221.240-80http 354300x800000000000000060387Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.066{7CDEDE96-F0E1-60AD-2A00-00000000C501}3012C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local51866- 354300x800000000000000060386Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.065{7CDEDE96-F0E1-60AD-2A00-00000000C501}3012C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local58125- 354300x800000000000000060385Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:54.064{7CDEDE96-F0E1-60AD-2A00-00000000C501}3012C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-141.attackrange.local52657- 23542300x800000000000000060384Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:56.304{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7FF9DF7E60E20B8E490DF0249BD7617,SHA256=4A62C50FF44508A2C549D119B43FB7E82422C54F104A13D9753E108BC28EFF69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037917Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:56.070{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F815F00A5D3253774292263FE3C722D,SHA256=49F2B401538F0EAF018E2B0873E110ACD2E44BE961214F974F6C928184317D4A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060448Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.679{7CDEDE96-F8F2-60AD-8501-00000000C501}40485600C:\Windows\System32\RuntimeBroker.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000060447Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.679{7CDEDE96-F8F2-60AD-8501-00000000C501}40485600C:\Windows\System32\RuntimeBroker.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000060446Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.679{7CDEDE96-F8F3-60AD-8F01-00000000C501}45806140C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060445Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.679{7CDEDE96-F8F3-60AD-8F01-00000000C501}45806140C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060444Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.648{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D523D0744FF72605642194BB8AA05629,SHA256=EF72DB51B45853D43FA0A35BD2C85D15AA1BDF62F5C771399E3C99481834E278,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060443Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.648{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C581F9E555872BEE058566CF203E9184,SHA256=0FADC7B587DC703773906987A38AA61393113D7EA52CD000BE3C38622D82EF1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060442Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.632{7CDEDE96-F8F2-60AD-8501-00000000C501}40485600C:\Windows\System32\RuntimeBroker.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000060441Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.632{7CDEDE96-F8F2-60AD-8501-00000000C501}40485600C:\Windows\System32\RuntimeBroker.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000060440Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.632{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805520C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13af|C:\Windows\System32\SHELL32.dll+b3175|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060439Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.632{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805520C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b308e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060438Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.632{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804692C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000060437Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.632{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804692C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000060436Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.617{7CDEDE96-F0E1-60AD-2B00-00000000C501}30205288C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000060435Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.617{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805520C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b3057|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060434Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.617{7CDEDE96-F0E1-60AD-2B00-00000000C501}30205288C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000060433Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060432Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060431Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060430Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060429Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060428Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060427Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060426Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060425Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}892920C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060424Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}892920C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000037918Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:57.086{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78812F43D6B9C08455924DB9F8A84F84,SHA256=A400943F5F1550517578ED080A1885C02B0A2802EB1A754F4F168C3E56D6DB7E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060423Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060422Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060421Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060420Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060419Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060418Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060417Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}892920C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060416Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}892920C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060415Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060414Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060413Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}892920C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060412Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}892920C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060411Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060410Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D1-60AD-0D00-00000000C501}8925044C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060409Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060408Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060407Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060406Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060405Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060404Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060403Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060402Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060401Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060400Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060399Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060398Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060397Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060396Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804800C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060395Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804964C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060394Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F0D0-60AD-0C00-00000000C501}836620C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060393Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804964C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060392Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804692C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37528|C:\Windows\System32\TwinUI.dll+37448|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+10928d|C:\Windows\System32\TwinUI.dll+d211f|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060391Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.601{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804692C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37590|C:\Windows\System32\TwinUI.dll+37435|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+10928d|C:\Windows\System32\TwinUI.dll+d211f|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060390Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.382{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6829B2675E4EAA866DA6E590AF05958A,SHA256=563BC8F75FA80A924C82FAFAC66B0D5162A3DC47CB7C64A71C0521B1319F97E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060473Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.855{7CDEDE96-F0B3-60AD-0100-00000000C501}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50939-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local445microsoft-ds 354300x800000000000000060472Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.855{7CDEDE96-F0B3-60AD-0100-00000000C501}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50939-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local445microsoft-ds 354300x800000000000000060471Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.758{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-141.attackrange.local50938-false10.0.1.14win-dc-141.attackrange.local389ldap 354300x800000000000000060470Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.758{7CDEDE96-F0D1-60AD-1600-00000000C501}1324C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-141.attackrange.local50938-false10.0.1.14win-dc-141.attackrange.local389ldap 354300x800000000000000060469Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.747{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50937-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local389ldap 354300x800000000000000060468Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:55.747{7CDEDE96-F0D1-60AD-1600-00000000C501}1324C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local50937-truefe80:0:0:0:65f2:4cfa:8525:80c9win-dc-141.attackrange.local389ldap 10341000x800000000000000060467Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060466Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060465Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060464Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060463Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060462Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F8F2-60AD-8601-00000000C501}10565276C:\Windows\system32\sihost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060461Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.789{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B4BF2117A71C8F1871D916D6DB35070,SHA256=C899CFD7B7792A4736A809AB861B151AC56C46AAE60A3E0ADD63EF97488B951E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060460Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.726{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060459Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.726{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060458Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.726{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060457Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.726{7CDEDE96-F0E1-60AD-2B00-00000000C501}30205532C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000060456Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.726{7CDEDE96-F0E1-60AD-2B00-00000000C501}30205532C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000060455Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.445{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804692C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000060454Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.445{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804692C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 23542300x800000000000000037919Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:58.102{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=247FD2E1D7F7AE66794D4156E0A02ECF,SHA256=1918FE1248FCEA735585A0940646C89FE61A580DEAAC6DCF9A29ECDE28A3A1FA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060453Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.414{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060452Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.398{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805412C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060451Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.398{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805412C:\Windows\Explorer.EXE{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060450Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.398{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060449Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:58.382{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060489Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.929{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=649CD0A2874DE862552AB6A0709ABE0D,SHA256=B9CED43F7F93C9E2EE449F609212FD5A12E6F368791CBD8FDA2E2D7E78AB53DA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060488Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:57.367{7CDEDE96-F0EC-60AD-6C00-00000000C501}3820C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-141.attackrange.local50940-false10.0.1.12-8000- 23542300x800000000000000037920Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:59.117{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84AB044410E7B117788A9CD632EB5928,SHA256=2D9CF47941C536AFC02AAEF44911FEEC41F945BB1B4BE5B4AD684E84EBD1AB6F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060487Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060486Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060485Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060484Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060483Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060482Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060481Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060480Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060479Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060478Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060477Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060476Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060475Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060474Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:00:59.445{7CDEDE96-F0D1-60AD-0D00-00000000C501}892912C:\Windows\system32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060512Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.929{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E765B68CC29BD07B13C6EB1A0E547599,SHA256=38BD72F612D52A045925BE098B5000F2AD0958F16842E50D6226E1741743E3CD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000037922Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:00:58.398{266C2353-F0E6-60AD-6400-00000000C601}3848C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-267.attackrange.local50517-false10.0.1.12-8000- 23542300x800000000000000037921Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:01:00.133{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18B496B6421AB0AC0845B10BA761AE3F,SHA256=25CD802281643B919395CC195F1850FDEDB46CB9F76E9CA3803A0A604AFE03CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060511Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.258{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A8659CD6E85A1A813D5982529E909902,SHA256=73291507093BE6AA3FF0469D71BCACA779233C9E2FE9AA5E1331E5F091F71F84,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060510Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.210{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003C-60AE-7B02-00000000C501}5440C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5122|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060509Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.179{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0D1-60AD-1600-00000000C501}1324C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060508Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.164{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0D1-60AD-1600-00000000C501}1324C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060507Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.164{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0D1-60AD-1600-00000000C501}1324C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060506Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.117{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060505Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.117{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060504Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.117{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060503Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.117{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060502Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.101{7CDEDE96-F8F0-60AD-7E01-00000000C501}13361996C:\Windows\system32\csrss.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060501Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.101{7CDEDE96-003C-60AE-7B02-00000000C501}54403136C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+661c|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060500Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.107{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe88.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{7CDEDE96-F8F1-60AD-54C9-100000000000}0x10c9542MediumMD5=F7A3347AC587E97C57CFAC49A17BD309,SHA256=6406A0632375EDC8C2EFA84E32EE6771AFFC4E34A45CB6CD7E88E0CA899C74AD,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{7CDEDE96-003C-60AE-7B02-00000000C501}5440C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x800000000000000060499Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.101{7CDEDE96-003C-60AE-7B02-00000000C501}54403136C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5122|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060498Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.054{7CDEDE96-F0D1-60AD-1200-00000000C501}4042936C:\Windows\System32\svchost.exe{7CDEDE96-003C-60AE-7B02-00000000C501}5440C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060497Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.054{7CDEDE96-F0D1-60AD-1200-00000000C501}4042936C:\Windows\System32\svchost.exe{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060496Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.023{7CDEDE96-F8F0-60AD-7E01-00000000C501}13361996C:\Windows\system32\csrss.exe{7CDEDE96-003C-60AE-7B02-00000000C501}5440C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060495Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.023{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060494Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.023{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060493Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.023{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804560C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7B02-00000000C501}5440C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e61f|C:\Windows\System32\windows.storage.dll+16e295|C:\Windows\System32\windows.storage.dll+16dd86|C:\Windows\System32\windows.storage.dll+16f1f8|C:\Windows\System32\windows.storage.dll+16dbae|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\windows.storage.dll+1664ae|C:\Windows\System32\windows.storage.dll+1661a2|C:\Windows\System32\SHELL32.dll+90ee1|C:\Windows\System32\SHELL32.dll+8fd46|C:\Windows\System32\SHELL32.dll+d0c11|C:\Windows\System32\SHELL32.dll+b6e2e|C:\Windows\System32\windows.storage.dll+2d1a2|C:\Windows\System32\windows.storage.dll+2ce99|C:\Windows\System32\windows.storage.dll+2cd6f|C:\Windows\System32\SHELL32.dll+d0c97|C:\Windows\System32\SHELL32.dll+b6e2e|C:\Windows\System32\SHELL32.dll+18d33c 10341000x800000000000000060492Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.023{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060491Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.023{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060490Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:00.020{7CDEDE96-003C-60AE-7B02-00000000C501}5440C:\Program Files\Mozilla Firefox\firefox.exe88.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{7CDEDE96-F8F1-60AD-54C9-100000000000}0x10c9542HighMD5=F7A3347AC587E97C57CFAC49A17BD309,SHA256=6406A0632375EDC8C2EFA84E32EE6771AFFC4E34A45CB6CD7E88E0CA899C74AD,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{7CDEDE96-F8F3-60AD-8F01-00000000C501}4580C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x800000000000000060518Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.976{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060517Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.976{7CDEDE96-F0D1-60AD-1600-00000000C501}1324708C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060516Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.976{7CDEDE96-F0D1-60AD-1600-00000000C501}13241376C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060515Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.960{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1673102CFCAAF4B908BAFDDB974A23AD,SHA256=EC8D1E153B33455196E03F029D84C83B1461D26DE714E94DEB2913BF55180F3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037923Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:01:01.149{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AB5A7661EA3D6DF9D8B923C88A55560,SHA256=B29F90AA2513153447CF2FC7F54CE0528CCDB343B8FB5C14966C9823A1E8F900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060514Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.226{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=38F3E08EAEA130DC9F405C657E6BC569,SHA256=B2CB88D5E1469FEDE55A5C796068E720F769B964AD15F2F3F632DA4199AE27D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060513Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.054{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=C44CFAA1E0BC1118B283C368D87C2649,SHA256=67FEDB967D8B1F118AEE544B40965FCB0655A89FA9C4882B12F4688AE2FE84A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000037924Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:01:02.164{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8791BD7219FD2A53638EE144F9DF8BBF,SHA256=2943BCC2E8644B3B19D80F1505CDE6E9EAC5261B7CC92B3CDC88312C4DE52227,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060642Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.997{7CDEDE96-003C-60AE-7C02-00000000C501}41405572C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+11f6f41|C:\Program Files\Mozilla Firefox\xul.dll+1213abc|C:\Program Files\Mozilla Firefox\xul.dll+1321d41|C:\Program Files\Mozilla Firefox\xul.dll+2005b1|C:\Program Files\Mozilla Firefox\xul.dll+1221814|C:\Program Files\Mozilla Firefox\xul.dll+1ff2bd|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f5cf|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060641Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.995{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060640Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.995{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060639Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.981{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+1c51834|C:\Program Files\Mozilla Firefox\xul.dll+1611d2|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+1bf469|UNKNOWN(0000006582161E84) 10341000x800000000000000060638Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.980{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+1c51834|C:\Program Files\Mozilla Firefox\xul.dll+1611d2|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+1bf469|UNKNOWN(0000006582161E84) 10341000x800000000000000060637Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.979{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+1c51834|C:\Program Files\Mozilla Firefox\xul.dll+1611d2|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+17feb9|UNKNOWN(0000006582163DFF) 10341000x800000000000000060636Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.978{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+1c51834|C:\Program Files\Mozilla Firefox\xul.dll+1611d2|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+f8c2a|C:\Program Files\Mozilla Firefox\xul.dll+3b83438|C:\Program Files\Mozilla Firefox\xul.dll+14d181|C:\Program Files\Mozilla Firefox\xul.dll+14d0d8|C:\Program Files\Mozilla Firefox\xul.dll+1480e6c|C:\Program Files\Mozilla Firefox\xul.dll+144ed8|C:\Program Files\Mozilla Firefox\xul.dll+19b9371|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+157902|C:\Program Files\Mozilla Firefox\xul.dll+2ae974|C:\Program Files\Mozilla Firefox\xul.dll+3b6710c|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d 23542300x800000000000000060635Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.976{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C9CD4901A8861B8C870F652B4F28646,SHA256=846EA8D8F3DAE98274572D398C4774C73BE35265E9D0208CD6C98626DA67606D,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000060634Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.12.14818892C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060633Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.11.17843883C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060632Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.10.58023599C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060631Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.8.52067545C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060630Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.9.151740711C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060629Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.7.136562732C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060628Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.951{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4384.3.140404327C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060627Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.951{7CDEDE96-003E-60AE-7F02-00000000C501}4384\chrome.4384.3.140404327C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060626Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.920{7CDEDE96-F0D1-60AD-1000-00000000C501}3841648C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060625Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.920{7CDEDE96-F0D1-60AD-1000-00000000C501}3841648C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060624Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.904{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E316100C5B017C4EC9B738603725B890,SHA256=07F36C7891F9DCE96CA7FE63DDE4A140FF20EE024EF9797E28FFF64690E9C5ED,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000060623Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.904{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4384.2.23818579C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060622Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.904{7CDEDE96-003E-60AE-7F02-00000000C501}4384\chrome.4384.2.23818579C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060621Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.904{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4384.1.124995953C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060620Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.904{7CDEDE96-003E-60AE-7F02-00000000C501}4384\chrome.4384.1.124995953C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060619Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.888{7CDEDE96-003E-60AE-7F02-00000000C501}4384\chrome.4384.0.83201898C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060618Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.888{7CDEDE96-003E-60AE-7F02-00000000C501}4384\chrome.4384.0.83201898C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060617Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.888{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060616Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.888{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060615Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.873{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120715e|C:\Program Files\Mozilla Firefox\xul.dll+16b1fec|C:\Program Files\Mozilla Firefox\xul.dll+69224b|C:\Program Files\Mozilla Firefox\xul.dll+17aeb52|C:\Program Files\Mozilla Firefox\xul.dll+17aea84|C:\Program Files\Mozilla Firefox\xul.dll+68fa77|C:\Program Files\Mozilla Firefox\xul.dll+17abf14|C:\Program Files\Mozilla Firefox\xul.dll+17b587d|C:\Program Files\Mozilla Firefox\xul.dll+17a9e08|C:\Program Files\Mozilla Firefox\xul.dll+17aa25f|C:\Program Files\Mozilla Firefox\xul.dll+6800fd|C:\Program Files\Mozilla Firefox\xul.dll+65869f|C:\Program Files\Mozilla Firefox\xul.dll+64ebcb|C:\Program Files\Mozilla Firefox\xul.dll+2c2af21|C:\Program Files\Mozilla Firefox\xul.dll+2c2a2c0|C:\Program Files\Mozilla Firefox\xul.dll+62d9e1|C:\Program Files\Mozilla Firefox\xul.dll+2c2935b|C:\Program Files\Mozilla Firefox\xul.dll+2c292d9|C:\Program Files\Mozilla Firefox\xul.dll+2ced2b6|C:\Program Files\Mozilla Firefox\xul.dll+2ceac59|C:\Program Files\Mozilla Firefox\xul.dll+2ce9384 10341000x800000000000000060614Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.873{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+11f6f41|C:\Program Files\Mozilla Firefox\xul.dll+1228a69|C:\Program Files\Mozilla Firefox\xul.dll+1228989|C:\Program Files\Mozilla Firefox\xul.dll+122607d|C:\Program Files\Mozilla Firefox\xul.dll+1226524|C:\Program Files\Mozilla Firefox\xul.dll+16cbe91|C:\Program Files\Mozilla Firefox\xul.dll+690c09|C:\Program Files\Mozilla Firefox\xul.dll+690b14|C:\Program Files\Mozilla Firefox\xul.dll+6908fd|C:\Program Files\Mozilla Firefox\xul.dll+690534|C:\Program Files\Mozilla Firefox\xul.dll+17aeb33|C:\Program Files\Mozilla Firefox\xul.dll+17aea84|C:\Program Files\Mozilla Firefox\xul.dll+68fa77|C:\Program Files\Mozilla Firefox\xul.dll+17abf14|C:\Program Files\Mozilla Firefox\xul.dll+17b587d|C:\Program Files\Mozilla Firefox\xul.dll+17a9e08|C:\Program Files\Mozilla Firefox\xul.dll+17aa25f|C:\Program Files\Mozilla Firefox\xul.dll+6800fd|C:\Program Files\Mozilla Firefox\xul.dll+65869f|C:\Program Files\Mozilla Firefox\xul.dll+64ebcb|C:\Program Files\Mozilla Firefox\xul.dll+2c2af21 10341000x800000000000000060613Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.857{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12af598|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+12e04b9|C:\Program Files\Mozilla Firefox\xul.dll+2a4a554|C:\Program Files\Mozilla Firefox\xul.dll+12bbafb|C:\Program Files\Mozilla Firefox\xul.dll+1221814|C:\Program Files\Mozilla Firefox\xul.dll+d9aecc|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+da7079|C:\Program Files\Mozilla Firefox\xul.dll+2ce7f2d|C:\Program Files\Mozilla Firefox\xul.dll+2ce9f80|C:\Program Files\Mozilla Firefox\xul.dll+2ce9384|C:\Program Files\Mozilla Firefox\xul.dll+2ce1c04|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3d1c3c|C:\Program Files\Mozilla Firefox\xul.dll+3fda6|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e 18141800x800000000000000060612Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.857{7CDEDE96-003C-60AE-7C02-00000000C501}4140\cubeb-pipe-4140-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060611Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.857{7CDEDE96-003C-60AE-7C02-00000000C501}4140\cubeb-pipe-4140-0C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060610Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.841{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060609Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.841{7CDEDE96-F0D1-60AD-1600-00000000C501}13241376C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060608Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.841{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.6.172858662C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060607Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.841{7CDEDE96-003C-60AE-7C02-00000000C501}41405544C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2aef3b|C:\Program Files\Mozilla Firefox\xul.dll+3aa266d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060606Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.841{7CDEDE96-003C-60AE-7C02-00000000C501}4140\gecko-crash-server-pipe.4140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060605Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.826{7CDEDE96-F0D1-60AD-1000-00000000C501}3841648C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000060604Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.12.14818892C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000060603Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8403191013994A557EC92D40224613D2,SHA256=4474973B7E672B1DD0E1BAC6116F9BB6C9A6AD656AB13C5BF6190D82797F1A88,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000060602Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.810{7CDEDE96-003E-60AE-7E02-00000000C501}5700\chrome.5700.0.74454471C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060601Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.11.17843883C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060600Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003E-60AE-7E02-00000000C501}5700\chrome.5700.0.74454471C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060599Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306841|C:\Program Files\Mozilla Firefox\xul.dll+187cee1|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4 17141700x800000000000000060598Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.10.58023599C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060597Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306741|C:\Program Files\Mozilla Firefox\xul.dll+187ccfe|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4 17141700x800000000000000060596Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.9.151740711C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060595Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306641|C:\Program Files\Mozilla Firefox\xul.dll+187cb44|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4 17141700x800000000000000060594Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.8.52067545C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060593Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306541|C:\Program Files\Mozilla Firefox\xul.dll+187c985|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4 17141700x800000000000000060592Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.7.136562732C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060591Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+506f1|C:\Program Files\Mozilla Firefox\xul.dll+2a65add|C:\Program Files\Mozilla Firefox\xul.dll+2a5f4d9|C:\Program Files\Mozilla Firefox\xul.dll+2a3e48d|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e|C:\Program Files\Mozilla Firefox\xul.dll+3b55728|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060590Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12af598|C:\Program Files\Mozilla Firefox\xul.dll+12af2c2|C:\Program Files\Mozilla Firefox\xul.dll+14855cd|C:\Program Files\Mozilla Firefox\xul.dll+2a3e43d|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e 10341000x800000000000000060589Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4 10341000x800000000000000060588Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+2a3e130|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e|C:\Program Files\Mozilla Firefox\xul.dll+3b55728 10341000x800000000000000060587Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.810{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+2a3e125|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e 10341000x800000000000000060586Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+11f6f41|C:\Program Files\Mozilla Firefox\xul.dll+2a3e0a2|C:\Program Files\Mozilla Firefox\xul.dll+2a3d71c|C:\Program Files\Mozilla Firefox\xul.dll+2a40b93|C:\Program Files\Mozilla Firefox\xul.dll+1a8cbe9|C:\Program Files\Mozilla Firefox\xul.dll+1a87627|C:\Program Files\Mozilla Firefox\xul.dll+59a8a5|C:\Program Files\Mozilla Firefox\xul.dll+59a421|C:\Program Files\Mozilla Firefox\xul.dll+2f1e965|C:\Program Files\Mozilla Firefox\xul.dll+29561c|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e|C:\Program Files\Mozilla Firefox\xul.dll+3b55728|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+10b21e 10341000x800000000000000060585Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-003C-60AE-7C02-00000000C501}41402660C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121aacf|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+20088|C:\Program Files\Mozilla Firefox\xul.dll+11f5c88|C:\Program Files\Mozilla Firefox\xul.dll+1f4a5|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+1e9ef|C:\Program Files\Mozilla Firefox\xul.dll+11f6a01|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060584Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060583Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060582Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060581Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060580Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-F8F0-60AD-7E01-00000000C501}13363908C:\Windows\system32\csrss.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060579Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.795{7CDEDE96-003C-60AE-7C02-00000000C501}41405676C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+432db|C:\Program Files\Mozilla Firefox\firefox.exe+247e8|C:\Program Files\Mozilla Firefox\xul.dll+cf875a|C:\Program Files\Mozilla Firefox\xul.dll+1211234|C:\Program Files\Mozilla Firefox\xul.dll+120f4b2|C:\Program Files\Mozilla Firefox\xul.dll+121beae|C:\Program Files\Mozilla Firefox\xul.dll+da0e64|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f69a|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060578Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.794{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe88.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4140.6.1728586627\2045876438" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 388 -prefMapSize 238570 -parentBuildID 20210504152106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4140 "\\.\pipe\gecko-crash-server-pipe.4140" 2088 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{7CDEDE96-F8F1-60AD-54C9-100000000000}0x10c9542LowMD5=F7A3347AC587E97C57CFAC49A17BD309,SHA256=6406A0632375EDC8C2EFA84E32EE6771AFFC4E34A45CB6CD7E88E0CA899C74AD,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x800000000000000060577Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.779{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.6.172858662C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060576Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.779{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+2c95118|C:\Program Files\Mozilla Firefox\xul.dll+589c7e|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6 10341000x800000000000000060575Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.779{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+2c950f1|C:\Program Files\Mozilla Firefox\xul.dll+589c7e|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6 10341000x800000000000000060574Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.779{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+2c950c6|C:\Program Files\Mozilla Firefox\xul.dll+589c7e|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+1a8c460|C:\Program Files\Mozilla Firefox\xul.dll+5555f6|C:\Program Files\Mozilla Firefox\xul.dll+797bce|C:\Program Files\Mozilla Firefox\xul.dll+21272d6 18141800x800000000000000060573Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.779{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.5.38884302C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060572Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.779{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.4.78649867C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060571Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+13060ff|C:\Program Files\Mozilla Firefox\xul.dll+187b496|C:\Program Files\Mozilla Firefox\xul.dll+589acf|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005 17141700x800000000000000060570Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.5.38884302C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060569Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1305f5f|C:\Program Files\Mozilla Firefox\xul.dll+187b2f1|C:\Program Files\Mozilla Firefox\xul.dll+589ac7|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005 17141700x800000000000000060568Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.4.78649867C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060567Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.3.139241394C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060566Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1305dbf|C:\Program Files\Mozilla Firefox\xul.dll+187b0ea|C:\Program Files\Mozilla Firefox\xul.dll+589abf|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005 17141700x800000000000000060565Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.763{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.3.139241394C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000060564Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.685{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\sessionCheckpoints.jsonMD5=362985746D24DBB2B166089F30CD1BB7,SHA256=B779351C8C6B04CF1D260C5E76FB4ECF4B74454CC6215A43EA15A223BF5BDD7E,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000060563Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.576{7CDEDE96-003E-60AE-7E02-00000000C501}5700\chrome.4140.1.52157975C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000060562Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.476{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060561Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.445{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12cd198|C:\Program Files\Mozilla Firefox\xul.dll+1305e8f|C:\Program Files\Mozilla Firefox\xul.dll+187b67b|C:\Program Files\Mozilla Firefox\xul.dll+1879df6|C:\Program Files\Mozilla Firefox\xul.dll+118df94|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+da7079|C:\Program Files\Mozilla Firefox\xul.dll+2ce7f2d|C:\Program Files\Mozilla Firefox\xul.dll+2ce9f80|C:\Program Files\Mozilla Firefox\xul.dll+2ce9384|C:\Program Files\Mozilla Firefox\xul.dll+2ce1c04|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3d1c3c|C:\Program Files\Mozilla Firefox\xul.dll+3fda6|C:\Program Files\Mozilla Firefox\xul.dll+1224921|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e 18141800x800000000000000060560Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.445{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.2.1923903C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060559Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.445{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.2.1923903C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060558Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.445{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.1.52157975C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060557Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.382{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060556Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.382{7CDEDE96-F0D1-60AD-1600-00000000C501}13242480C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060555Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.382{7CDEDE96-F0D1-60AD-1600-00000000C501}13241376C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060554Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.382{7CDEDE96-003E-60AE-7E02-00000000C501}5700\chrome.4140.0.38292229C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060553Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.367{7CDEDE96-003C-60AE-7C02-00000000C501}41405544C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2aef3b|C:\Program Files\Mozilla Firefox\xul.dll+3aa266d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060552Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:02.367{7CDEDE96-003E-60AE-7E02-00000000C501}5700\gecko-crash-server-pipe.4140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060551Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.335{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003E-60AE-7D02-00000000C501}5712C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060550Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.335{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003E-60AE-7D02-00000000C501}5712C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060549Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.320{7CDEDE96-F0D1-60AD-1600-00000000C501}13244900C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7D02-00000000C501}5712C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060548Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.289{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7D02-00000000C501}5712C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060547Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.273{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\666x5nua.default-release\cache2\doomed\26253MD5=5B7656744B8326EB674AD9E2DD35D1E3,SHA256=4D58AD142E362162E69EAF42B66E26F3C98A75E8A4838F671660D3A702BA0E26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060546Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.273{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\cookies.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060545Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.257{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805520C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b3057|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060544Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.242{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804660C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b3057|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060543Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.242{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804660C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060542Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.242{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804800C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b2a80|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060541Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.242{7CDEDE96-F8F3-60AD-8F01-00000000C501}45804800C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060540Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.195{7CDEDE96-F0D1-60AD-1000-00000000C501}3841648C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060539Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.195{7CDEDE96-F0D1-60AD-1000-00000000C501}3841648C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060538Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-003C-60AE-7C02-00000000C501}41402660C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121aacf|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+20088|C:\Program Files\Mozilla Firefox\xul.dll+11f5c88|C:\Program Files\Mozilla Firefox\xul.dll+1f4a5|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+1e9ef|C:\Program Files\Mozilla Firefox\xul.dll+11f6a01|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060537Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060536Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060535Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060534Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-F8F0-60AD-7E01-00000000C501}13361996C:\Windows\system32\csrss.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060533Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060532Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-003C-60AE-7C02-00000000C501}41405676C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+2667e4|C:\Program Files\Mozilla Firefox\xul.dll+12110b9|C:\Program Files\Mozilla Firefox\xul.dll+120f4b2|C:\Program Files\Mozilla Firefox\xul.dll+121beae|C:\Program Files\Mozilla Firefox\xul.dll+da0e64|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f69a|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060531Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.179{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe88.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4140.0.382922295\2058942629" -parentBuildID 20210504152106 -prefsHandle 1400 -prefMapHandle 1392 -prefsLen 1 -prefMapSize 238570 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4140 "\\.\pipe\gecko-crash-server-pipe.4140" 1496 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{7CDEDE96-F8F1-60AD-54C9-100000000000}0x10c9542MediumMD5=F7A3347AC587E97C57CFAC49A17BD309,SHA256=6406A0632375EDC8C2EFA84E32EE6771AFFC4E34A45CB6CD7E88E0CA899C74AD,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x800000000000000060530Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.164{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.0.38292229C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060529Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:02.164{7CDEDE96-003C-60AE-7C02-00000000C501}4140\gecko-crash-server-pipe.4140C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060528Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.132{7CDEDE96-F8F2-60AD-8901-00000000C501}19404224C:\Windows\system32\taskhostw.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060527Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.132{7CDEDE96-F8F2-60AD-8901-00000000C501}19404224C:\Windows\system32\taskhostw.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060526Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.132{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060525Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.132{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060524Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.117{7CDEDE96-F0CE-60AD-0500-00000000C501}416432C:\Windows\system32\csrss.exe{7CDEDE96-003E-60AE-7D02-00000000C501}5712C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060523Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.117{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-003E-60AE-7D02-00000000C501}5712C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060522Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.101{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060521Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.101{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F0CF-60AD-0B00-00000000C501}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060520Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:02.101{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-F0D1-60AD-1600-00000000C501}1324C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060519Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.992{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\parent.lockMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060853Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.986{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F972FB8B915660DD5245D13BD34D8E9,SHA256=5551F6B674B2B817237F4C59F03F88D9616D0E9ACDD966AD6F46FC02AB03F90F,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000060852Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.986{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.5944.2.122820601C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060851Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.986{7CDEDE96-003F-60AE-8102-00000000C501}5944\chrome.5944.2.122820601C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060850Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.986{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.5944.1.147665544C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060849Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.986{7CDEDE96-003F-60AE-8102-00000000C501}5944\chrome.5944.1.147665544C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060848Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.986{7CDEDE96-003F-60AE-8102-00000000C501}5944\chrome.5944.0.53722994C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060847Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.986{7CDEDE96-003F-60AE-8102-00000000C501}5944\chrome.5944.0.53722994C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060846Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.986{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060845Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.986{7CDEDE96-F0CF-60AD-0B00-00000000C501}632676C:\Windows\system32\lsass.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000037925Microsoft-Windows-Sysmon/Operationalwin-host-267.attackrange.local-2021-05-26 08:01:03.167{266C2353-F0ED-60AD-6E00-00000000C601}4024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A62FDC152C71DD1F7E5DDFB17E6E7CC,SHA256=68B2F44C005C6302EDE9E16E5827947B33AD4D078EDA920AAD6E6BC2B9D4BA46,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060844Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.955{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12af598|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+12e04b9|C:\Program Files\Mozilla Firefox\xul.dll+2a4a554|C:\Program Files\Mozilla Firefox\xul.dll+12bbafb|C:\Program Files\Mozilla Firefox\xul.dll+1221814|C:\Program Files\Mozilla Firefox\xul.dll+d9aecc|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d|C:\Program Files\Mozilla Firefox\xul.dll+15d48a 18141800x800000000000000060843Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.955{7CDEDE96-003C-60AE-7C02-00000000C501}4140\cubeb-pipe-4140-2C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060842Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.955{7CDEDE96-003C-60AE-7C02-00000000C501}4140\cubeb-pipe-4140-2C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060841Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.940{7CDEDE96-F0D0-60AD-0C00-00000000C501}8365400C:\Windows\system32\svchost.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060840Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.940{7CDEDE96-F0D1-60AD-1600-00000000C501}13241376C:\Windows\system32\svchost.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060839Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.940{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.20.26226562C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060838Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.940{7CDEDE96-003C-60AE-7C02-00000000C501}41405544C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2aef3b|C:\Program Files\Mozilla Firefox\xul.dll+3aa266d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060837Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.940{7CDEDE96-003C-60AE-7C02-00000000C501}4140\gecko-crash-server-pipe.4140C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000060836Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.928{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED1B748065DBEA0C39D884502D85BB14,SHA256=68699130A4E12264E9E47941132330D4ABC63718F9A8D5204469B765BBD36779,IMPHASH=00000000000000000000000000000000falsetrue 17141700x800000000000000060835Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.908{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.26.207076697C:\Program Files\Mozilla Firefox\firefox.exe 17141700x800000000000000060834Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.908{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.25.152345061C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060833Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.908{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306841|C:\Program Files\Mozilla Firefox\xul.dll+187cee1|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 17141700x800000000000000060832Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.908{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.24.16867283C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060831Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306741|C:\Program Files\Mozilla Firefox\xul.dll+187ccfe|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 17141700x800000000000000060830Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.23.38559805C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060829Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306641|C:\Program Files\Mozilla Firefox\xul.dll+187cb44|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 17141700x800000000000000060828Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.22.188455463C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060827Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+3f93ec|C:\Program Files\Mozilla Firefox\xul.dll+3f933c|C:\Program Files\Mozilla Firefox\xul.dll+12ae2c8|C:\Program Files\Mozilla Firefox\xul.dll+1306541|C:\Program Files\Mozilla Firefox\xul.dll+187c985|C:\Program Files\Mozilla Firefox\xul.dll+2a3e5b8|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 17141700x800000000000000060826Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.21.163185724C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000060825Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+506f1|C:\Program Files\Mozilla Firefox\xul.dll+2a65add|C:\Program Files\Mozilla Firefox\xul.dll+2a5f4d9|C:\Program Files\Mozilla Firefox\xul.dll+2a3e48d|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d|C:\Program Files\Mozilla Firefox\xul.dll+15d48a|C:\Program Files\Mozilla Firefox\xul.dll+4f91189 10341000x800000000000000060824Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12af598|C:\Program Files\Mozilla Firefox\xul.dll+12af2c2|C:\Program Files\Mozilla Firefox\xul.dll+14855cd|C:\Program Files\Mozilla Firefox\xul.dll+2a3e43d|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d 10341000x800000000000000060823Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.907{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060822Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060821Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060820Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060819Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060818Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060817Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060816Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060815Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060814Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060813Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060812Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060811Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.906{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+e0e729|C:\Program Files\Mozilla Firefox\xul.dll+2a3e194|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061 10341000x800000000000000060810Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.905{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+2a3e130|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d|C:\Program Files\Mozilla Firefox\xul.dll+15d48a 10341000x800000000000000060809Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.905{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+11f6f41|C:\Program Files\Mozilla Firefox\xul.dll+2a3e0a2|C:\Program Files\Mozilla Firefox\xul.dll+2a5bfd4|C:\Program Files\Mozilla Firefox\xul.dll+2a5beed|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+40c6e|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d|C:\Program Files\Mozilla Firefox\xul.dll+15d48a|C:\Program Files\Mozilla Firefox\xul.dll+4f91189|C:\Program Files\Mozilla Firefox\xul.dll+4f91132 10341000x800000000000000060808Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-003C-60AE-7C02-00000000C501}41402660C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121aacf|C:\Program Files\Mozilla Firefox\xul.dll+cf7244|C:\Program Files\Mozilla Firefox\xul.dll+20088|C:\Program Files\Mozilla Firefox\xul.dll+11f5c88|C:\Program Files\Mozilla Firefox\xul.dll+1f4a5|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+1e9ef|C:\Program Files\Mozilla Firefox\xul.dll+11f6a01|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060807Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-F0D0-60AD-0C00-00000000C501}8365400C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060806Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-F0D0-60AD-0C00-00000000C501}8365400C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060805Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-F0D0-60AD-0C00-00000000C501}8365400C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060804Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-F0D0-60AD-0C00-00000000C501}8365400C:\Windows\system32\svchost.exe{7CDEDE96-F0E1-60AD-2800-00000000C501}2916C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060803Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-F8F0-60AD-7E01-00000000C501}13361996C:\Windows\system32\csrss.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000060802Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.887{7CDEDE96-003C-60AE-7C02-00000000C501}41405676C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+432db|C:\Program Files\Mozilla Firefox\firefox.exe+247e8|C:\Program Files\Mozilla Firefox\xul.dll+cf875a|C:\Program Files\Mozilla Firefox\xul.dll+1211234|C:\Program Files\Mozilla Firefox\xul.dll+120f4b2|C:\Program Files\Mozilla Firefox\xul.dll+121beae|C:\Program Files\Mozilla Firefox\xul.dll+da0e64|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f69a|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000060801Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.895{7CDEDE96-003F-60AE-8102-00000000C501}5944C:\Program Files\Mozilla Firefox\firefox.exe88.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4140.20.262265629\1095847731" -childID 3 -isForBrowser -prefsHandle 4460 -prefMapHandle 4404 -prefsLen 6140 -prefMapSize 238570 -parentBuildID 20210504152106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4140 "\\.\pipe\gecko-crash-server-pipe.4140" 4488 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{7CDEDE96-F8F1-60AD-54C9-100000000000}0x10c9542LowMD5=F7A3347AC587E97C57CFAC49A17BD309,SHA256=6406A0632375EDC8C2EFA84E32EE6771AFFC4E34A45CB6CD7E88E0CA899C74AD,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x800000000000000060800Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-CreatePipe2021-05-26 08:01:03.887{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.20.26226562C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000060799Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.840{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C93D8E2435BCF0196C3E9D94C5CED6C4,SHA256=E71789FA2187B8B8DBEAF70FDF857DF206CF153099DF650B6A21A367F3BBE45F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060798Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.808{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=6CBE80E6D2BFD3D8B6D27B8E9D1E3EF5,SHA256=94A1DEEA8F4EC75A4EE1B0B7241A544313F7FF755FFCE76CF269AECB2E2BA2B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060797Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.808{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=982076E7C856A73E2C8A3F9928048429,SHA256=5398255AEF8037F0F4B1940809A2F122AE1B7CAFE1C178129E49A1C8DDB94B87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060796Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.808{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=E3F5CFCC4BC76574B4C526B53FEFCDE1,SHA256=36C20AB36170C84C143B62EE2F357537E35ADDC0A5662E46C774BF435BC63D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060795Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.807{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=F3EA5A8E8C8AF083E30556EAEA48774B,SHA256=136C4DEE0F557ED438AED4EBB081ED416A57E321168CD5496FE2EEAC0323FA52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060794Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.806{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=2A2B104038AA5D1E254B309D6DB8F887,SHA256=D1AD450E3E055B95C6E0393ED4FEDB0A42F5CDE6F8000A103B3850938CFFE56D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060793Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.804{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=6CAB3049D88437ABF63423EFC50AB7BA,SHA256=ECA47E93AECDF0924F090554E43A950F9A3EF31BBA9138BC8AE4B71117598E77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060792Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.803{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=B25683EEE47176954A19155E9F34BBBF,SHA256=3F7113CA2650AC5AC19DDC783B870514FB31867C2282337735151B2D88180064,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060791Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=0C0AEC3B990F2B1EDAB996A819BF19B4,SHA256=D05BF6ED8FB8C23A08FB888EDEBF031C7D79BD4D6FCED66AD1AAE0710F9A2382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060790Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=AE81CF74C5EAD7304CB6035BA930579D,SHA256=78286C418AF5D97AF07654A5D370D377BC32582B6E064D164B4AD093CF1FB2DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060789Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=357B8202907E6614FFF5C40766083B81,SHA256=06D13BF645F28FA352ACD5EFAC0D9727D09E595B26495522F542CE98EF9735CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060788Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=585B66370C6DE3CA8690D60CA28A2666,SHA256=C4D52FB4BC8BB5148BB42E568BE6F3E0E31CA869F0C4B9E15877701FB220B90E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060787Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=02CCAE4EE57E1242455C5E322A252ED9,SHA256=9690E4DDD43DC4F40D4A2B9F68570CFB7311559CFAEBA3F4892688CAB9C7B4A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060786Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=60B54EA9EFB68A2AE33C50290CF6416F,SHA256=DF8A5624D09B5880F79B1B24F06EB4DF1070A07351262DA21C2E947C5AEBE1D2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060785Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+d48bc1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41950|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d|C:\Program Files\Mozilla Firefox\xul.dll+15d48a|C:\Program Files\Mozilla Firefox\xul.dll+4f91189|C:\Program Files\Mozilla Firefox\xul.dll+4f91132 23542300x800000000000000060784Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\datareporting\glean\db\data.safe.binMD5=EA101C70C874AFF3A60B92F97D3EFE84,SHA256=21C1D9D10ADDB55691DBBEE98FC40405155522FFF87F92A58DD056FCD74AE21C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060783Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.787{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12b1408|C:\Program Files\Mozilla Firefox\xul.dll+2a63652|C:\Program Files\Mozilla Firefox\xul.dll+484ecb|C:\Program Files\Mozilla Firefox\xul.dll+d48bc1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41950|C:\Program Files\Mozilla Firefox\xul.dll+6a91b|C:\Program Files\Mozilla Firefox\xul.dll+382d564|C:\Program Files\Mozilla Firefox\xul.dll+3a830bf|C:\Program Files\Mozilla Firefox\xul.dll+3a8043a|C:\Program Files\Mozilla Firefox\xul.dll+4f91132|C:\Program Files\Mozilla Firefox\xul.dll+14bd531|C:\Program Files\Mozilla Firefox\xul.dll+14bf3c3|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+3b652e0|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+14b953d|C:\Program Files\Mozilla Firefox\xul.dll+15d48a|C:\Program Files\Mozilla Firefox\xul.dll+4f91189|C:\Program Files\Mozilla Firefox\xul.dll+4f91132 354300x800000000000000060782Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.188{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1-50942-false127.0.0.1-50941- 354300x800000000000000060781Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:01.188{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse127.0.0.1-50942-false127.0.0.1-50941- 10341000x800000000000000060780Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060779Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363380C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060778Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060777Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060776Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-F0D0-60AD-0C00-00000000C501}8363268C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060775Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-F8F2-60AD-8601-00000000C501}10565276C:\Windows\system32\sihost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060774Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.724{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060773Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.687{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120715e|C:\Program Files\Mozilla Firefox\xul.dll+16b1fec|C:\Program Files\Mozilla Firefox\xul.dll+69224b|C:\Program Files\Mozilla Firefox\xul.dll+17aeb52|C:\Program Files\Mozilla Firefox\xul.dll+17aea84|C:\Program Files\Mozilla Firefox\xul.dll+68fa77|C:\Program Files\Mozilla Firefox\xul.dll+17abf14|C:\Program Files\Mozilla Firefox\xul.dll+17b587d|C:\Program Files\Mozilla Firefox\xul.dll+17a9e08|C:\Program Files\Mozilla Firefox\xul.dll+17aa25f|C:\Program Files\Mozilla Firefox\xul.dll+6800fd|C:\Program Files\Mozilla Firefox\xul.dll+65869f|C:\Program Files\Mozilla Firefox\xul.dll+64ebcb|C:\Program Files\Mozilla Firefox\xul.dll+2c2af21|C:\Program Files\Mozilla Firefox\xul.dll+2c2a2c0|C:\Program Files\Mozilla Firefox\xul.dll+62d9e1|C:\Program Files\Mozilla Firefox\xul.dll+2c2935b|C:\Program Files\Mozilla Firefox\xul.dll+2c292d9|C:\Program Files\Mozilla Firefox\xul.dll+2ced2b6|C:\Program Files\Mozilla Firefox\xul.dll+2ceac59|C:\Program Files\Mozilla Firefox\xul.dll+2ce9384 10341000x800000000000000060772Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.687{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060771Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.687{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9201-00000000C501}4880C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060770Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.687{7CDEDE96-F0D0-60AD-0C00-00000000C501}8364184C:\Windows\system32\svchost.exe{7CDEDE96-F8F4-60AD-9301-00000000C501}4980C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000060769Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.687{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+11f6f41|C:\Program Files\Mozilla Firefox\xul.dll+1228a69|C:\Program Files\Mozilla Firefox\xul.dll+1228989|C:\Program Files\Mozilla Firefox\xul.dll+122607d|C:\Program Files\Mozilla Firefox\xul.dll+1226524|C:\Program Files\Mozilla Firefox\xul.dll+16cbe91|C:\Program Files\Mozilla Firefox\xul.dll+690c09|C:\Program Files\Mozilla Firefox\xul.dll+690b14|C:\Program Files\Mozilla Firefox\xul.dll+6908fd|C:\Program Files\Mozilla Firefox\xul.dll+690534|C:\Program Files\Mozilla Firefox\xul.dll+17aeb33|C:\Program Files\Mozilla Firefox\xul.dll+17aea84|C:\Program Files\Mozilla Firefox\xul.dll+68fa77|C:\Program Files\Mozilla Firefox\xul.dll+17abf14|C:\Program Files\Mozilla Firefox\xul.dll+17b587d|C:\Program Files\Mozilla Firefox\xul.dll+17a9e08|C:\Program Files\Mozilla Firefox\xul.dll+17aa25f|C:\Program Files\Mozilla Firefox\xul.dll+6800fd|C:\Program Files\Mozilla Firefox\xul.dll+65869f|C:\Program Files\Mozilla Firefox\xul.dll+64ebcb|C:\Program Files\Mozilla Firefox\xul.dll+2c2af21 10341000x800000000000000060768Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.671{7CDEDE96-F8F3-60AD-8F01-00000000C501}45805520C:\Windows\Explorer.EXE{7CDEDE96-003C-60AE-7C02-00000000C501}4140C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b3057|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060767Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.656{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+2c95118|C:\Program Files\Mozilla Firefox\xul.dll+589c7e|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+73369f|C:\Program Files\Mozilla Firefox\xul.dll+7333fd|C:\Program Files\Mozilla Firefox\xul.dll+20cce85|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e|C:\Program Files\Mozilla Firefox\xul.dll+3b55728|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+17feb9|UNKNOWN(0000006582163DFF) 10341000x800000000000000060766Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.656{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+2c950f1|C:\Program Files\Mozilla Firefox\xul.dll+589c7e|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+73369f|C:\Program Files\Mozilla Firefox\xul.dll+7333fd|C:\Program Files\Mozilla Firefox\xul.dll+20cce85|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e|C:\Program Files\Mozilla Firefox\xul.dll+3b55728|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+17feb9|UNKNOWN(0000006582163DFF) 10341000x800000000000000060765Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.656{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+2c950c6|C:\Program Files\Mozilla Firefox\xul.dll+589c7e|C:\Program Files\Mozilla Firefox\xul.dll+588c1f|C:\Program Files\Mozilla Firefox\xul.dll+588a0a|C:\Program Files\Mozilla Firefox\xul.dll+2ce71a7|C:\Program Files\Mozilla Firefox\xul.dll+58820d|C:\Program Files\Mozilla Firefox\xul.dll+2e0e2ee|C:\Program Files\Mozilla Firefox\xul.dll+2e0e44f|C:\Program Files\Mozilla Firefox\xul.dll+2e1068d|C:\Program Files\Mozilla Firefox\xul.dll+29495d|C:\Program Files\Mozilla Firefox\xul.dll+294005|C:\Program Files\Mozilla Firefox\xul.dll+73369f|C:\Program Files\Mozilla Firefox\xul.dll+7333fd|C:\Program Files\Mozilla Firefox\xul.dll+20cce85|C:\Program Files\Mozilla Firefox\xul.dll+27c6ad|C:\Program Files\Mozilla Firefox\xul.dll+108be4|C:\Program Files\Mozilla Firefox\xul.dll+10b21e|C:\Program Files\Mozilla Firefox\xul.dll+3b55728|C:\Program Files\Mozilla Firefox\xul.dll+109061|C:\Program Files\Mozilla Firefox\xul.dll+17feb9|UNKNOWN(0000006582163DFF) 23542300x800000000000000060764Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.624{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060763Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.509{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060762Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.505{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060761Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.487{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F10CB9434D5C6AC763D17BF6441A86D5,SHA256=BC4E578C9729B0A2375F7557D12D999EB2CD3DD788165401F5F9CC1F6A1A0616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060760Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.456{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060759Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.456{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060758Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.456{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060757Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.440{7CDEDE96-003C-60AE-7C02-00000000C501}41405572C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+1422e28|C:\Program Files\Mozilla Firefox\xul.dll+121cc81|C:\Program Files\Mozilla Firefox\xul.dll+1212cda|C:\Program Files\Mozilla Firefox\xul.dll+2442fd4|C:\Program Files\Mozilla Firefox\xul.dll+1396010|C:\Program Files\Mozilla Firefox\xul.dll+2005b1|C:\Program Files\Mozilla Firefox\xul.dll+1221814|C:\Program Files\Mozilla Firefox\xul.dll+1ff2bd|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f5cf|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060756Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.440{7CDEDE96-003C-60AE-7C02-00000000C501}41405572C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+1422e28|C:\Program Files\Mozilla Firefox\xul.dll+121cc81|C:\Program Files\Mozilla Firefox\xul.dll+1212cda|C:\Program Files\Mozilla Firefox\xul.dll+2442fd4|C:\Program Files\Mozilla Firefox\xul.dll+1396010|C:\Program Files\Mozilla Firefox\xul.dll+2005b1|C:\Program Files\Mozilla Firefox\xul.dll+1221814|C:\Program Files\Mozilla Firefox\xul.dll+1ff2bd|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f5cf|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000060755Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.440{7CDEDE96-F0F3-60AD-7500-00000000C501}3932NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=376B729C53C1EEB8ADD4C5AF5F1D68C8,SHA256=820DBB0FF4F9ED9649130CA532B994A34F7F3F54E32C99748E284FD5EF179C66,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000060754Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060753Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060752Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060751Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060750Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060749Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060748Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060747Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060746Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060745Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.425{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060744Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060743Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060742Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060741Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060740Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060739Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060738Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060737Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060736Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060735Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060734Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060733Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.409{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060732Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060731Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060730Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060729Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060728Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060727Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060726Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060725Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060724Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060723Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060722Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060721Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060720Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.387{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060719Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.372{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060718Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.372{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060717Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.372{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060716Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.372{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060715Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.372{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060714Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.372{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7F02-00000000C501}4384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12dd88d|C:\Program Files\Mozilla Firefox\xul.dll+12b136a|C:\Program Files\Mozilla Firefox\xul.dll+12b1224|C:\Program Files\Mozilla Firefox\xul.dll+3d1453|C:\Program Files\Mozilla Firefox\xul.dll+e10105|C:\Program Files\Mozilla Firefox\xul.dll+e0fac1|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+41784|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000060713Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.356{7CDEDE96-003C-60AE-7C02-00000000C501}41404704C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+120e14e|C:\Program Files\Mozilla Firefox\xul.dll+12270d7|C:\Program Files\Mozilla Firefox\xul.dll+1362869|C:\Program Files\Mozilla Firefox\xul.dll+114feb2|C:\Program Files\Mozilla Firefox\xul.dll+d9ec8a|C:\Program Files\Mozilla Firefox\xul.dll+d9b1aa|C:\Program Files\Mozilla Firefox\xul.dll+4029e|C:\Program Files\Mozilla Firefox\xul.dll+1224a8e|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+3d19c8|C:\Program Files\Mozilla Firefox\xul.dll+3d073f|C:\Program Files\Mozilla Firefox\xul.dll+3a1d1aa|C:\Program Files\Mozilla Firefox\xul.dll+3aba26f|C:\Program Files\Mozilla Firefox\xul.dll+3abb5e9|C:\Program Files\Mozilla Firefox\xul.dll+3f33|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c4e8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060712Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.340{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060711Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.340{7CDEDE96-003C-60AE-7C02-00000000C501}41404852C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003E-60AE-7E02-00000000C501}5700C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d80|C:\Program Files\Mozilla Firefox\firefox.exe+40a7c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000060710Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.325{7CDEDE96-003C-60AE-7C02-00000000C501}41405572C:\Program Files\Mozilla Firefox\firefox.exe{7CDEDE96-003F-60AE-8002-00000000C501}4544C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3f8761|C:\Program Files\Mozilla Firefox\xul.dll+11f6f41|C:\Program Files\Mozilla Firefox\xul.dll+1213abc|C:\Program Files\Mozilla Firefox\xul.dll+1321d41|C:\Program Files\Mozilla Firefox\xul.dll+2005b1|C:\Program Files\Mozilla Firefox\xul.dll+1221814|C:\Program Files\Mozilla Firefox\xul.dll+1ff2bd|C:\Program Files\Mozilla Firefox\xul.dll+40932|C:\Program Files\Mozilla Firefox\xul.dll+3f5cf|C:\Program Files\Mozilla Firefox\xul.dll+11fca9f|C:\Program Files\Mozilla Firefox\xul.dll+3f49e|C:\Program Files\Mozilla Firefox\xul.dll+da69b7|C:\Program Files\Mozilla Firefox\nss3.dll+f97fa|C:\Program Files\Mozilla Firefox\nss3.dll+ecf21|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000060709Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.18.125160439C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060708Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.19.112568303C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060707Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.17.38519477C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060706Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.15.130418905C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060705Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.16.24886141C:\Program Files\Mozilla Firefox\firefox.exe 18141800x800000000000000060704Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140\chrome.4140.14.45680149C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000060703Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-2021-05-26 08:01:03.309{7CDEDE96-003C-60AE-7C02-00000000C501}4140ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\666x5nua.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000060702Microsoft-Windows-Sysmon/Operationalwin-dc-141.attackrange.local-ConnectPipe2021-05-26 08:01:03.309{7CDEDE96-