23542300x800000000000000056053Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:05.750{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E42566EEC7451338359FE61A34A988,SHA256=DECB34DBDEFC22F9F5F6EFD25BE6415C704018D4F9DA7EFC4B494D534FFCF5C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490888Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.578{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0DEDD31F0FF72821313484138FDA4FE,SHA256=E1C6313C578D90A3C0992D0B7A69F2444F592ED1E8E18903449C8BEA2EE25359,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000490887Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490886Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490885Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490884Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490883Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490882Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490881Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490880Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490879Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490878Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490877Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490876Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490875Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490874Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490873Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490872Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490871Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490870Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490869Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490868Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490867Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490866Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490865Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.463{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490864Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490863Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490862Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490861Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490860Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490859Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490858Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490857Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490856Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490855Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490854Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490853Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490852Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490851Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490850Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490849Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490848Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490847Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490846Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490845Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490844Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490843Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490842Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490841Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490840Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490839Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490838Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490837Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490836Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490835Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490834Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490833Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490832Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490831Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490830Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490829Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490828Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490827Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490826Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490825Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490824Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490823Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490822Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490821Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490820Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490819Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.447{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000490818Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:05.379{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D3D070E93798AC35D9C16D59397C7EE,SHA256=CD078E7C791711EC67A808A0D1FE4EB2DCBC32E4E9740B8FED8579C4675133FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056054Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:06.766{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB0767392EEE5441C3DBB082F240C39C,SHA256=2A2727CF8CDA527EA1F41E62B0216A9CF6D299963EA754EE9287A8FABD230619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490967Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=709BB39FDF2D6CD60B4B749E9EEC84CF,SHA256=0E7FE2E38744F7B8F2962EB9919990A55552723FC8075D4123728E15D4C43BA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490966Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=EE96FAC3DD700C6CDB745DBBCEF85B4D,SHA256=E10835AC04FF66752D4BA26712B7024ECEEB7CBE0B9E06452B4AAA5DA54B7A75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490965Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=4F77D8BB5C54D8406FD4F5198F8AE1FD,SHA256=299B8FD3EBA10BFB3F2827A6B908864E59BB5AD11E2533D93DE178BCF2E260B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490964Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=B56B57BF3B01D5C231F45F8615AD9E07,SHA256=656D8BF9A1D4F34F4E794A489658FEAD1B7D4E97ADE54696BB6FF82FB8926E9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490963Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=46511E06A691CDDE929E32D5A904705C,SHA256=E0302D62DA7F02C83C3430D83658AE6D46BEFA0C968DBE47C8E62780D5BB4590,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490962Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=8513EA1DFFA1E56D90AF82035BE0FB11,SHA256=DAFF52E614E36C192716BA5149BA446E29432818D7814AD51BDA3CA919432D78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490961Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=4625236F947AB197EBB364513F8DE5FC,SHA256=CFE51B5F2829AF547EE8D0A8AB476E1C244208A4DDD233DD407FC08FA2CD65AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490960Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.910{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=9565180A7ACA64A1D869FB164906E843,SHA256=C35BC73DADAA11931BFF4796EEF0AB2D79B9B83768570EEE7FE42A1B7A40C419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000490959Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.709{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B80C75EE4195FF9EF10D218C340BBB09,SHA256=3E62C5F4ECE1D48A614655C73BDAFF8FE689CC75CC3C4BCC71E0CEEC7B7FD7B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000490958Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.493{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490957Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.493{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490956Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.493{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490955Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.493{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490954Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.493{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490953Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490952Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490951Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490950Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490949Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490948Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490947Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490946Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490945Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490944Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490943Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490942Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490941Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490940Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490939Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490938Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490937Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490936Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490935Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490934Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490933Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490932Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490931Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490930Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490929Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490928Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490927Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490926Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490925Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490924Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490923Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490922Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490921Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490920Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490919Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490918Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490917Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490916Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490915Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490914Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490913Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490912Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490911Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490910Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490909Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490908Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490907Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490906Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490905Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490904Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490903Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490902Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490901Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490900Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490899Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490898Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490897Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490896Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490895Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490894Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490893Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490892Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490891Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490890Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.478{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000490889Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.394{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5699E8CD8AB733DD8A5458C65DE4FDD6,SHA256=7F176A2B85D2B40A46AB473E732437C8D2D529BEA89DA119B64A216095D638C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056055Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:07.781{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C020BD635FD52797C0AA43FBD0E7B049,SHA256=8C6189B47794FD7D80038712E9EBE5EBF7F4A51B98D6886016CE2D4A64D31415,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491038Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.828{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0F1B5B2D96E9E69E6478671DF89D483,SHA256=55C5F3DABD87CEB5467C36ED9F1DEB178F38E70B886F4317D14CF363DC51E38C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491037Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491036Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491035Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491034Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491033Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491032Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491031Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491030Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491029Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491028Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491027Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491026Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491025Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491024Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491023Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491022Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491021Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491020Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491019Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491018Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491017Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491016Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491015Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491014Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491013Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491012Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491011Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491010Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491009Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491008Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491007Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491006Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491005Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491004Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491003Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491002Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491001Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491000Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490999Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490998Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490997Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490996Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490995Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490994Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490993Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490992Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490991Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490990Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490989Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490988Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490987Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490986Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490985Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490984Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490983Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490982Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490981Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490980Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490979Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490978Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490977Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490976Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490975Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490974Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490973Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490972Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490971Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490970Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000490969Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.508{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000490968Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:07.408{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA20891FEFE7C36B09CECFE5FDCB86DA,SHA256=7FC2B0106BD5858864B2E04123B4B64F9164F3A6EC9C4AB7516968AF34895500,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000056057Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:07.470{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52971-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000056056Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:08.781{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E4D98FBB8180C93A461252E2A57DDF0,SHA256=3EAEF2586A3BDC7DF108B1B36571511B36DD3461C1B40BA439C82E3B5E2608D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491109Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.593{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91E113C2174E04655111DB7B7BAB61F8,SHA256=EC4D11569AAB12EA1538CE15441F8B548BE56BE4A5EA5284E7D93CBDCB31F2B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491108Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491107Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491106Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491105Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491104Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491103Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491102Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491101Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491100Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491099Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491098Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491097Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491096Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491095Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491094Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491093Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491092Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491091Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491090Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491089Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491088Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491087Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491086Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491085Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491084Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491083Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491082Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491081Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491080Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491079Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491078Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491077Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491076Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491075Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491074Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491073Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491072Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491071Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491070Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491069Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491068Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491067Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491066Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491065Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491064Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491063Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491062Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491061Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491060Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491059Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491058Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491057Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491056Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491055Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491054Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491053Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491052Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491051Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491050Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491049Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491048Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491047Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491046Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491045Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491044Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491043Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491042Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491041Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491040Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.546{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491039Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:08.409{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83D3BC38E3AA703758C6FDFCF32C7436,SHA256=6E3BD1FB17DF74579FCDE94E5949C2897D33E2856DACA3964D366F4408CD6AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056058Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:09.797{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EF6DEF530C2B2C2FEB10868A7FE8002,SHA256=EA23ADE99F1CA1143EE40CA5ED8F72E045D85FCB9315453B7FE9DE1F11438E33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491181Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.746{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03EBBC45D5009A7D030173AE617345A,SHA256=2097688ADBB5E0DEFD29AC0C477DF7C2D50031103D6345F368DE7C2177AE3C10,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491180Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.578{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491179Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.578{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491178Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.578{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491177Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.578{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491176Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.578{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491175Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.578{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491174Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491173Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491172Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491171Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491170Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491169Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491168Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491167Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491166Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491165Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491164Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491163Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491162Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491161Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491160Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491159Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491158Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491157Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491156Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491155Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491154Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491153Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491152Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491151Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491150Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491149Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491148Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491147Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491146Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491145Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491144Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491143Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491142Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491141Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491140Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491139Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491138Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491137Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491136Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491135Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491134Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491133Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491132Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491131Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491130Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491129Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491128Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491127Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491126Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491125Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491124Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491123Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491122Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491121Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491120Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491119Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491118Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491117Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491116Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491115Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491114Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491113Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491112Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.562{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491111Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:09.409{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75AEA643875A5842F55D395DE769DBD1,SHA256=28C58AC6FE04B5ADE5AA919765B49EC10B1938C8F06884C73FA819B8A24076F1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000491110Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:06.823{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49276-false10.0.1.12-8000- 23542300x8000000000000000491376Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.864{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F720C5494D127CF5B8692CA90FA5CA92,SHA256=2963C59B93C82D0D8E685FCA8B531997E16FCBE3404519848D7DD81F036F733B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491375Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.632{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491374Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.632{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491373Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.632{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491372Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.632{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491371Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.632{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491370Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491369Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491368Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491367Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491366Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491365Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491364Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491363Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491362Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491361Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.628{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491360Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.627{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491359Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.627{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491358Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.627{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491357Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.627{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491356Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.626{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491355Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.626{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491354Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.626{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491353Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.624{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491352Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491351Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491350Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491349Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491348Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491347Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491346Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491345Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491344Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491343Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491342Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491341Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491340Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491339Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491338Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491337Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491336Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491335Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491334Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491333Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491332Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491331Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491330Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056060Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:10.938{A3A2E2BF-2A96-613F-A900-00000000F101}2068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=0FD14597E2F3C12A54BDB5DD198E445A,SHA256=E40A5E3E6682970B0E30FCD472A0ED25EA1CC7AE3D3EDB2322AAE0F71B217A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056059Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:10.813{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=218F84DACC71594A6892EB1F1F6E2BC4,SHA256=0931127D3190145168755D0C2DB0A91E09E569D1AC74DAE90CCBF50103822A5A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491329Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491328Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491327Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491326Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491325Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491324Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491323Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491322Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491321Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491320Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491319Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491318Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491317Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491316Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491315Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491314Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491313Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491312Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491311Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491310Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491309Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491308Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491307Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491306Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491305Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491304Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491303Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491302Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491301Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491300Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491299Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491298Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491297Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491296Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491295Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491294Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491293Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491292Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491291Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491290Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491289Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491288Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491287Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.609{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491286Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491285Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491284Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491283Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491282Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491281Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491280Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491279Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491278Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491277Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491276Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491275Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491274Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491273Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491272Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491271Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491270Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491269Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491268Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491267Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491266Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491265Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491264Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491263Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491262Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491261Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491260Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491259Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491258Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491257Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491256Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491255Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491254Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491253Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491252Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491251Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491250Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491249Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491248Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491247Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491246Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491245Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491244Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491243Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491242Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491241Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491240Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491239Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491238Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491237Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491236Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491235Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491234Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491233Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491232Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491231Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491230Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491229Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491228Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491227Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491226Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491225Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491224Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491223Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491222Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491221Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491220Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491219Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491218Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491217Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491216Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491215Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491214Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491213Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491212Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491211Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491210Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491209Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491208Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491207Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491206Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491205Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491204Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491203Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491202Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491201Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491200Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491199Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491198Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491197Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491196Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491195Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491194Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491193Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491192Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491191Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491190Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491189Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491188Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491187Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491186Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491185Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491184Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491183Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.593{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491182Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:10.446{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC1EC977C7724B114ECFD376DABA4263,SHA256=BAC571F160D554F5E749D1AF96C03099B5D4D1D217F24230590E53DE66553D8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491446Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.980{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=686E079CEB25849A428A2EBDA8557016,SHA256=B33369F13BD81A5B806D1285BBDE958991E0830699758F34E95E8E4049BDF6B1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491445Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491444Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491443Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491442Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056061Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:11.814{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2F7E80EE89A7A0C76B99006E9E6CA94,SHA256=BBC7CAA277E7422216A45F9A658A143E985D713E3F95E4E735AD9C66028BC254,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491441Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491440Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491439Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491438Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491437Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491436Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491435Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.665{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491434Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491433Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491432Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491431Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491430Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491429Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491428Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491427Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491426Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491425Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491424Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491423Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491422Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491421Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491420Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491419Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491418Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491417Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491416Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491415Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491414Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491413Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491412Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491411Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491410Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491409Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491408Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491407Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491406Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491405Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491404Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491403Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491402Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491401Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491400Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491399Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491398Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491397Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491396Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491395Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491394Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491393Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491392Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491391Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491390Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491389Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491388Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491387Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491386Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491385Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491384Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491383Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491382Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491381Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491380Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491379Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491378Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491377Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:11.649{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056063Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:12.846{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086835EA8E2C5678473DA4CF66850CD1,SHA256=90EAF78AAD367BD880DE22097974E8BE9CC388BF44EE04BDF28FEB2EFFB2B2BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491517Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491516Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491515Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491514Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491513Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491512Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491511Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491510Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491509Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491508Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491507Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491506Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491505Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491504Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491503Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491502Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491501Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491500Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491499Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491498Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491497Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491496Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491495Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.695{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491494Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491493Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491492Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491491Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491490Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491489Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491488Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491487Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491486Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491485Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491484Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491483Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491482Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491481Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491480Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491479Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491478Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491477Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491476Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491475Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491474Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491473Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491472Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491471Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491470Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491469Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491468Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491467Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491466Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491465Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491464Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491463Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491462Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491461Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491460Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491459Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491458Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491457Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491456Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491455Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491454Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491453Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491452Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68AC182901B20FC30152204A4DD90A10,SHA256=511BAA67C164AE8A81A27AC51311AB7178F0AA6EFBB9546B92D2254C0BA72E92,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491451Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491450Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491449Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491448Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.679{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491447Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.029{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84075C6BC960C3C4A4AB5A2ECF9761BC,SHA256=0595F3AF9C543C95C560812D814BEE254A2FD0F99268CCC9B83839B78BA13628,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000056062Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:11.204{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52972-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000056064Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:13.861{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C10F00B4DD70E9D2E68F473CB061D467,SHA256=75C2028DD2A9E3C94B905B033B5A06CEF8C8992B307395338D63C2EC5A2B1F70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491588Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.752{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2F1B966DEDBB529931CD8780CBA309E,SHA256=EAC7AE69B3B45BE3A69A621052BA77AA0CBAC7E77CEE9A6177DF929CE9AAA77B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491587Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491586Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491585Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491584Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491583Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491582Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491581Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491580Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491579Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491578Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491577Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491576Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491575Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491574Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491573Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491572Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491571Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491570Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491569Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491568Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491567Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491566Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491565Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491564Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491563Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491562Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491561Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491560Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491559Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491558Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491557Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491556Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491555Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491554Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491553Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491552Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491551Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491550Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491549Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491548Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491547Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491546Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491545Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491544Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491543Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491542Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491541Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491540Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491539Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491538Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491537Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491536Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491535Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491534Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491533Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491532Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491531Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491530Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491529Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491528Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491527Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491526Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491525Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491524Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491523Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491522Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491521Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491520Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491519Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.699{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491518Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:13.133{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05AF6FE01C560126CB1A555B7E2AD285,SHA256=E54B035B2897A1AF3D52C6D29DAA7116871B9174CF8867DC802E64D41628D3B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491660Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.883{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4528918681EAE864DAD59658F84C33EE,SHA256=A0971ECAFFAD52B145050BBEFE303FFF80B88E33725597FCEEF615A2609EBBD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491659Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.883{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FE8F17D515201E7643A660DFB0AEC7C,SHA256=029452D0319D614A75DCD6B7D9BB647724E59B1791B34FF2D89BF3DB1509B7B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056066Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:14.877{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D073B0332DBCD1B6F9DE517F87317B7,SHA256=A0A2375948CCE4D64A1CC755FD3BC07C23F3DF9DECA2D3CC6CF59B26D9F439FD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000056065Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:12.470{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52973-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000491658Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491657Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491656Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491655Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491654Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491653Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491652Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491651Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491650Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491649Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491648Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491647Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491646Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491645Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491644Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491643Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491642Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491641Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491640Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491639Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491638Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491637Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491636Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491635Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491634Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491633Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491632Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491631Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491630Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491629Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491628Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491627Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491626Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491625Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491624Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491623Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491622Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491621Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491620Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491619Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491618Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491617Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491616Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491615Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491614Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491613Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491612Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491611Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491610Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491609Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491608Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491607Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.736{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491606Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491605Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491604Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491603Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491602Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491601Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491600Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.735{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491599Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.734{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491598Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.734{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491597Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.734{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491596Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.734{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491595Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.733{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491594Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.733{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491593Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.733{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491592Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.732{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491591Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.732{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491590Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.732{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491589Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.383{FC24A973-2852-613F-3000-00000000F001}2232NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=0FD14597E2F3C12A54BDB5DD198E445A,SHA256=E40A5E3E6682970B0E30FCD472A0ED25EA1CC7AE3D3EDB2322AAE0F71B217A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056067Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:15.892{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF5D9D723E836343DDFDEC2F50D6568D,SHA256=BDA2E619838ADDFBE3FC68BC135F9276601D853D548FFBB86BCD586F2485791A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491730Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491729Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491728Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491727Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491726Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491725Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491724Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491723Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491722Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491721Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491720Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491719Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491718Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491717Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491716Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491715Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491714Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491713Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491712Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491711Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491710Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491709Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491708Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491707Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491706Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491705Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491704Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491703Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491702Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.782{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491701Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491700Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491699Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491698Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491697Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491696Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491695Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491694Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491693Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491692Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491691Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491690Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491689Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491688Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491687Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491686Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491685Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491684Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491683Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491682Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491681Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491680Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491679Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491678Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491677Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491676Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491675Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491674Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491673Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491672Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491671Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491670Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491669Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491668Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491667Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491666Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491665Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491664Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491663Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491662Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:15.766{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000491661Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:12.766{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49277-false10.0.1.12-8000- 10341000x8000000000000000491802Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491801Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491800Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491799Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491798Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491797Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491796Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491795Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491794Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491793Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491792Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491791Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491790Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491789Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491788Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491787Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491786Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491785Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491784Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491783Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491782Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491781Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491780Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491779Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491778Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491777Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491776Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491775Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491774Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491773Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491772Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491771Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491770Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491769Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491768Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491767Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491766Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491765Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491764Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491763Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491762Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491761Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491760Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491759Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491758Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491757Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491756Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491755Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491754Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491753Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491752Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491751Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491750Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491749Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491748Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491747Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491746Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491745Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491744Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491743Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491742Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491741Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491740Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491739Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491738Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491737Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491736Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491735Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491734Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.783{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000491733Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:14.066{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49278-false10.0.1.12-8089- 23542300x8000000000000000491732Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.013{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4C7BF7EEF97AB2E580E28E2B373410,SHA256=9A1E7E5F4846EC5192C6DE86790C1D0150CD81E2EEC3C29D24B8B35E0DA901D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491731Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:16.013{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EBB4C3A4C06BBC4027932912F6D34E6,SHA256=E93E511EE5195B61E38AEF3A36591C2732F418F6F75C7FC9E2A0C3EC74C47082,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056068Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:17.131{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42AA5BFCECC84FD8A177181359BA6810,SHA256=BDCFB761F6591651084BC76F01D1CE225BC908188516BA503F656F6790D14397,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491873Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491872Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491871Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491870Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491869Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491868Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491867Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491866Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491865Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491864Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491863Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491862Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491861Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491860Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491859Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491858Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491857Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491856Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491855Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491854Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491853Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.834{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491852Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.833{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491851Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.833{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491850Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.832{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491849Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.832{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491848Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.832{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491847Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.832{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491846Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.832{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491845Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.831{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491844Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.831{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491843Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.831{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491842Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.831{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491841Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.831{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491840Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.831{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491839Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.830{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491838Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.830{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491837Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.830{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491836Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.829{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491835Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.829{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491834Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.829{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491833Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.828{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491832Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.828{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491831Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.828{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491830Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491829Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491828Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491827Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491826Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491825Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491824Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491823Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491822Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491821Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491820Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491819Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491818Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491817Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491816Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491815Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491814Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491813Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491812Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491811Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491810Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491809Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491808Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491807Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491806Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491805Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.812{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491804Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.166{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C424654E7AE789BEBF6AB265EB2452C,SHA256=851CBF198B455260503B8A2041360C647D8B3710863BD08BA83E337659955A68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491803Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.166{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA26B7E9125386DB6CF857BDF5AD6876,SHA256=6983CBF5EAE9070BC7CDA198FEB144D02694A88029E19162766B1E95848016CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056069Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:18.365{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B05A20F02FDFAB180774B8EE7A8670A,SHA256=049A8BA6D0D5B5837A31511893C08A2AD0D99C6F9509A79204E63DD51226252F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491945Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.931{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A08316B052646EE89840A7BFF5E7AA,SHA256=96DF42E47D283329CB1BF81DEC4A0F40891AE5617CB6293ECD61B63EF66D04C4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000491944Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491943Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491942Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491941Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491940Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491939Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491938Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491937Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491936Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491935Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491934Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491933Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491932Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.866{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491931Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491930Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491929Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491928Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491927Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491926Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491925Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491924Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491923Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491922Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491921Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491920Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491919Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491918Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491917Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491916Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491915Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491914Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491913Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491912Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491911Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491910Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491909Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491908Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491907Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491906Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491905Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491904Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491903Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491902Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491901Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491900Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491899Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491898Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491897Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491896Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491895Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491894Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491893Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491892Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491891Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491890Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491889Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491888Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491887Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491886Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491885Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491884Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491883Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491882Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491881Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491880Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491879Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491878Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491877Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491876Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.850{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491875Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.297{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=461F7F2D317DB4BEA001D2E43DB4E2E5,SHA256=497EC2624FDB6865CF748542B6EE7E62E4D37E729ADA0AC62FBDF88F7CD22E97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000491874Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:18.297{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=140386E9A2A0172397EB20559D9F7485,SHA256=C9970763B159ED9B5EE0EBF01F8A68A4887264B99C990BCE64C1CDC5FCEEDABA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492018Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492017Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492016Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492015Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492014Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056071Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:19.412{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E35BCD2A27E3E42402F46534F7BFF661,SHA256=2873F96681A3305D308DFF11FB2EE4007522BCADE25FFF91F3CE94DB5946C5DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492013Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492012Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492011Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492010Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492009Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492008Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492007Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492006Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492005Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492004Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492003Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492002Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492001Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492000Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491999Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491998Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491997Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491996Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491995Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491994Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491993Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491992Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491991Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491990Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491989Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491988Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491987Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491986Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491985Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491984Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491983Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491982Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491981Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491980Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491979Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491978Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491977Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491976Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491975Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491974Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491973Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491972Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491971Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491970Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491969Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491968Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491967Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491966Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491965Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491964Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491963Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491962Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491961Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491960Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491959Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491958Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491957Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491956Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491955Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491954Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491953Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491952Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491951Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000491950Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.881{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491949Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.365{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AFCD828B6FB725DF7F94F5CAC868E29,SHA256=660CAA37BC87CA0DF65B52E1C4DACE7F00F335A56AA3FE47B40FB77909DCF197,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000056070Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:17.522{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52974-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000491948Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.134{FC24A973-474D-613F-0E09-00000000F001}11402836C:\Windows\Explorer.EXE{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a50|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803ECA728A8)|UNKNOWN(FFFFDFD0488A5B68)|UNKNOWN(FFFFDFD0488A5CE7)|UNKNOWN(FFFFDFD0488A0371)|UNKNOWN(FFFFDFD0488A1D3A)|UNKNOWN(FFFFDFD04889FFF6)|UNKNOWN(FFFFF803EC78A103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+592ab|C:\Windows\System32\SHELL32.dll+dac6a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000491947Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.134{FC24A973-474D-613F-0E09-00000000F001}11402836C:\Windows\Explorer.EXE{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+55531|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803ECA728A8)|UNKNOWN(FFFFDFD0488A5B68)|UNKNOWN(FFFFDFD0488A5CE7)|UNKNOWN(FFFFDFD0488A0371)|UNKNOWN(FFFFDFD0488A1D3A)|UNKNOWN(FFFFDFD04889FFF6)|UNKNOWN(FFFFF803EC78A103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+592ab|C:\Windows\System32\SHELL32.dll+dac6a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000491946Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:19.134{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RFfcadba.TMPMD5=5BF63DD64D4FC23C636A66589244ED69,SHA256=6BD072D805C61A60826E9D94F871B04378603F155438E8AC6431F9D03E3983B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492214Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492213Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492212Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492211Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492210Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492209Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492208Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492207Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492206Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492205Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.949{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492204Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492203Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492202Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492201Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492200Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492199Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492198Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492197Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492196Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492195Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492194Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492193Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492192Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492191Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492190Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492189Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492188Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492187Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492186Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492185Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492184Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492183Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492182Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492181Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492180Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492179Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492178Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492177Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492176Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492175Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492174Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492173Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492172Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492171Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492170Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492169Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056072Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:20.427{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98BE35FEB20980CA1FE36C85A9DA7F94,SHA256=C8B2CDCBA20D014E8B497B2ADEAE15D662091FBC9B0F6752D635FF325754CF02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492168Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492167Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492166Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492165Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492164Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492163Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492162Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492161Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492160Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492159Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492158Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492157Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492156Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492155Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492154Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492153Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492152Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492151Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492150Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492149Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492148Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492147Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492146Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492145Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492144Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492143Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492142Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492141Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492140Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492139Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492138Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492137Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492136Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492135Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492134Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492133Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492132Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492131Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492130Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492129Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492128Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.934{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492127Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.933{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492126Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.933{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492125Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492124Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492123Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492122Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492121Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492120Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492119Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492118Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492117Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492116Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492115Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492114Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492113Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.932{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492112Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492111Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492110Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492109Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492108Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492107Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492106Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492105Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492104Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.931{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492103Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.930{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492102Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.930{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492101Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.929{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492100Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.929{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492099Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.929{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492098Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.929{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492097Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.929{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492096Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492095Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492094Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492093Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492092Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492091Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492090Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492089Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492088Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492087Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.928{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492086Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.927{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492085Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.927{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492084Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.927{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492083Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.927{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492082Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.927{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492081Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.927{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492080Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492079Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492078Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492077Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492076Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492075Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492074Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492073Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492072Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492071Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492070Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492069Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492068Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492067Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492066Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492065Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492064Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492063Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492062Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492061Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492060Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492059Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492058Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492057Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492056Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492055Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492054Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492053Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492052Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492051Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492050Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492049Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492048Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492047Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492046Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492045Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492044Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492043Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492042Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492041Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492040Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492039Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492038Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492037Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492036Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492035Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492034Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492033Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492032Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492031Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492030Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492029Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492028Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492027Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492026Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492025Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492024Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492023Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492022Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.912{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492021Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.412{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FE5043813BBEFA13FD3C6757173A2B2,SHA256=CBE96CC98599C53D49DCFE202235E20D6FB664274794D64EBCB148C4B8C4F344,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000492020Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:17.949{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49279-false10.0.1.12-8000- 23542300x8000000000000000492019Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:20.149{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=533FDBB640BC25EC27B1D98DF03EFC27,SHA256=9F11A09BFA3197ED73DA73392078742796A99AE484258D063662D3263176D0AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492296Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.980{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=913E655B3680A12C3B7CD2B6A318CAB4,SHA256=AE6B5888E3F861906E760B1E856694A4B35D9472D26B78B179FF01F5704242CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492295Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492294Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492293Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492292Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492291Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492290Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492289Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492288Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492287Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492286Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492285Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492284Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492283Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056073Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:21.427{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2FB1A9629D607704E10EAF4FDE57812,SHA256=192DA9A328E151BB6CC2BB85E07F4721AB4C04F2DBBA63BAF63103EC8FDCB06F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492282Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492281Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=F6389E98417439CBDB2381E2A4E00FDE,SHA256=424954430D7AE6078034240350D3C4F2CDEB7F5E131E49E4BD761888F1329592,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492280Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492279Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492278Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492277Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492276Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492275Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492274Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492273Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492272Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492271Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492270Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492269Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=1196974D34A613853E5997B52E8957FC,SHA256=981849C3F7545E708920B429CB76A61C00944ABF74968BC869B1064E88C42D57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492268Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492267Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492266Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492265Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492264Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492263Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492262Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492261Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492260Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492259Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492258Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492257Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492256Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492255Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=C22D20E21A30F45A6352892870764CC6,SHA256=01FC0460F51CF4F79461F85A18BFDCB9EBD5007C967189CBE410DA5F7D19316E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492254Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492253Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492252Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492251Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492250Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492249Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=1AFE831A22AF8FC6F2C4FE879E7D661F,SHA256=182429F7B6E5F776CDB19BEC3CF45C46BAC6CFE73E62A7A46EC9D4E8B6C0607A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492248Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492247Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492246Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492245Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492244Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492243Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492242Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492241Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=7F076032C504BCCD958EFEB08008DA30,SHA256=F1B0804257EB0D95990C38DCD51115128F10FB81B1492A719656D5DBA87AF409,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492240Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492239Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492238Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492237Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492236Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492235Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492234Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492233Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492232Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492231Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492230Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492229Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492228Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=D7B56A3336EC00B6FE17E7246C3A0036,SHA256=308E867D90590509C929A4093AEA591B60BDD137A166B484BA9BC2F18C416F1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492227Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492226Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492225Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492224Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492223Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492222Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492221Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492220Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.964{FC24A973-527C-613F-B00A-00000000F001}7020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2us9qjqv.default-release\datareporting\glean\db\data.safe.binMD5=09AD8C48DAD4919C44F042F15318B34E,SHA256=3B3077DC9FF3C548D6E218E6596D1CCAD75EF67CB1C0CBFDB7CF89F1CA373857,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492219Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.696{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08D877C66294746BA4ECA909139182A4,SHA256=03C1F9983F175858994D1F4CEDCAF58C5853C49F7953FFEB9572210D87C368A5,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000492218Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-SetValue2021-09-13 15:06:21.649{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\9752B235-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_9752B235-0000-0000-0000-100000000000.XML 13241300x8000000000000000492217Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-SetValue2021-09-13 15:06:21.633{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\6661D5AC-85B6-4039-9CA6-E82E82C0227D\Config SourceDWORD (0x00000001) 13241300x8000000000000000492216Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-SetValue2021-09-13 15:06:21.633{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\6661D5AC-85B6-4039-9CA6-E82E82C0227D\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_6661D5AC-85B6-4039-9CA6-E82E82C0227D.XML 23542300x8000000000000000492215Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.096{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B77D3B153F876843B05696EEEDDE76C,SHA256=5A847FB109AF1323EDFF8892C0C7193E57F6AB3FC48AD37C3035E1D725076789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056074Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:22.427{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75EFA6105668095CDE6959A541E9505D,SHA256=67C7D4AB19A94ED5689ADA1A8B7857700C3CBA2F1EA4CA3984B034E3C910B7C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492314Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492313Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492312Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492311Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492310Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492309Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492308Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492307Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492306Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492305Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492304Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492303Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492302Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492301Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492300Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.664{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21B90C28AAD21CB6CA7A29DEF6E4AAE6,SHA256=B94439C7DC1385E3864122298EC0CD8F20FF5FCA1A217DF64FAF42208439AAAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492299Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.664{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D47CD0FD7FBF0552BB1B958A538D4768,SHA256=91BCDF590F8029EB065E3968B9B9D45AE610E2B67419703D436636326695E439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492298Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.648{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9BC8169F3C1D3588143AA0BF68FE517,SHA256=53066CD4AEB302A3BD8DB3CA1474797F5598B6EB5CAFB014DA56701B10371BF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492297Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.030{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC0BFDE7DB608517FC4141F2569D62FB,SHA256=A023BEC55F1FD35BA8D4ABD57B7BFC18F0A4DAB30E6DC9428927378E77E1AE20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056075Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:23.427{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57B3A4AAFF2DCAF420DCA494580B6DE4,SHA256=1255A6E35B774E3086A579040AE8BE2CE49C251194690C1DBE19604492478A33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492375Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:23.663{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=368ADBB105038A2F121D87DCA1126A42,SHA256=DEAB1B995B3CF22C0A40EBA1FFD26ADCFABFE48323F2E8241A2B6E85C316A8AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000492374Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.351{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local49281-truefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local389ldap 354300x8000000000000000492373Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.351{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local49281-truefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local389ldap 354300x8000000000000000492372Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.327{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local49280-truefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local135epmap 354300x8000000000000000492371Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.327{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local49280-truefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local135epmap 23542300x8000000000000000492370Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:23.148{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=152D48C20FEF39FA07B7DD6CF60CD147,SHA256=1045EF20D6F4B86591D5738ABCD10EF924DD9C100F5AB10329022AD74B4FF4ED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492369Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492368Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492367Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492366Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492365Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492364Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492363Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492362Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492361Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492360Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492359Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492358Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492357Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492356Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492355Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492354Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492353Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492352Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492351Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492350Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492349Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492348Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492347Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492346Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492345Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492344Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492343Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492342Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492341Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492340Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492339Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492338Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492337Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492336Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492335Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492334Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492333Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492332Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492331Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492330Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492329Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492328Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492327Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492326Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492325Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492324Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492323Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492322Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492321Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492320Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492319Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492318Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492317Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492316Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492315Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:22.995{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000056077Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:23.364{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52975-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000056076Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:24.427{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E0855FCD9522A0222C1235CBF782236,SHA256=FD4C6B9AEDF079818770B3035265D537EEA7E06966DFACBA0921AF2A4B074978,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492448Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.678{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2A5DAD604DCD42702FE31C0AD177AA7,SHA256=E4C94C1A36958F42636D6C3329E11BE3E92F75CAE31A60517FF63C51F9C6381D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000492447Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.361{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local49282-truefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local389ldap 354300x8000000000000000492446Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:21.361{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local49282-truefe80:0:0:0:8863:8986:546a:ca99win-dc-410.attackrange.local389ldap 23542300x8000000000000000492445Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.094{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3B81F375593214B8D551F098176692D,SHA256=5CF3DE0442F7B7771BFD0FF22554D7D8547B2EE34B8F87EA027AD943F864E0C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492444Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492443Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492442Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492441Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492440Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492439Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492438Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492437Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492436Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492435Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492434Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492433Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492432Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492431Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492430Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492429Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492428Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492427Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492426Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492425Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492424Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492423Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492422Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492421Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492420Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492419Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492418Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492417Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492416Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492415Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492414Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492413Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492412Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492411Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492410Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492409Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492408Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492407Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492406Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492405Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492404Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492403Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492402Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492401Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492400Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492399Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492398Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492397Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492396Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492395Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492394Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492393Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.031{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492392Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.030{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492391Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.030{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492390Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.030{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492389Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.030{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492388Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.030{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492387Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.030{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492386Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.029{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492385Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.029{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492384Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.029{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492383Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.029{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492382Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.028{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492381Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.028{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492380Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.028{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492379Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.028{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492378Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.027{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492377Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.027{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492376Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:24.027{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056078Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:25.427{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04B8A9FFD03BB7825FBF2B5138133788,SHA256=A10B359F413C41B9B7A8461D70B4365A0C2A2AC766C5F37A68DF2C7B23CF0F75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492520Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.693{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9CB89CDD7F7B47166A31760FC94B465,SHA256=39DF89BC8E0DCF1B439A1B42944D20018C5DA08BBFFEA1560C2A24A5FC8B559E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000492519Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:23.946{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49283-false10.0.1.12-8000- 23542300x8000000000000000492518Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.346{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B024EF67298CAFA9EB408A56BA3A677,SHA256=F2E943B5FEEAF52B50F80759509CF6170AA71D1E9F305AFCA75EC698D3E6E9DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492517Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492516Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492515Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492514Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492513Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492512Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492511Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492510Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492509Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492508Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492507Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492506Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492505Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492504Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492503Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492502Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492501Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492500Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492499Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492498Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492497Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492496Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492495Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492494Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.078{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492493Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492492Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492491Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492490Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492489Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492488Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492487Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492486Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492485Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492484Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492483Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492482Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492481Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492480Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492479Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492478Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492477Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492476Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492475Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492474Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492473Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492472Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492471Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492470Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492469Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492468Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492467Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492466Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492465Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492464Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492463Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492462Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492461Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492460Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492459Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492458Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492457Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492456Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492455Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492454Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492453Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492452Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492451Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492450Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492449Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:25.062{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056079Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:26.443{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D00C1311057C952531A8F22478882ED3,SHA256=A97293ECEF5438068FAF6C4179A671829C9943490E6ACF0F2D6EF1DB30658BC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492591Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.709{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DF414CD91A964BA91296A4486D1D58B,SHA256=36CB93EAA4B11B3D8230FA29D4CAA6D51DF3D4BD76AF484A8F5069F5126A0D74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492590Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.162{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=255A495D71E88072B92DE8C3FBF450BE,SHA256=B2B30DF7AFAB5A031B01C814BC2EF7A7FFEC56B9E919EE25A6007C2B0CAE9C70,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492589Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492588Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492587Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492586Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492585Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492584Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492583Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492582Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492581Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492580Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492579Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492578Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.109{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492577Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492576Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492575Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492574Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492573Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492572Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492571Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492570Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492569Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492568Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492567Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492566Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492565Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492564Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492563Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492562Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492561Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492560Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492559Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492558Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492557Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492556Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492555Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492554Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492553Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492552Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492551Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492550Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492549Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492548Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492547Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492546Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492545Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492544Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492543Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492542Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492541Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492540Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492539Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492538Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492537Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492536Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492535Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492534Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492533Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492532Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492531Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492530Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492529Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492528Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492527Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492526Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492525Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492524Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492523Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492522Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492521Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:26.093{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056080Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:27.443{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90AF17DEDCE25277F5D5D07B93564C7E,SHA256=216B0C0F7E3D29152EE30F01FF8908ACFB453CA53424ED6E6FD656D1612CC82C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492662Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.728{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA21CD06C3007DD5C4DD6A0B1577D3D5,SHA256=F948F7351BDD2EE7EE28B035D527800984DD6A24FA33B29943C9DEDA511E65A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492661Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.361{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08ED61C6F4961C402BDC4255341F2C50,SHA256=2BFFF1F1A41F485E6C51620BF10F09B78EFD09155CA425752243DD7E9FBBFBF1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492660Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492659Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492658Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492657Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492656Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492655Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492654Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492653Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492652Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492651Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492650Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492649Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492648Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492647Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492646Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492645Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492644Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492643Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492642Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492641Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492640Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492639Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492638Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.146{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492637Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492636Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492635Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492634Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492633Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492632Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492631Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492630Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492629Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492628Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492627Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492626Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492625Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492624Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492623Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492622Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492621Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492620Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492619Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492618Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492617Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492616Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492615Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492614Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492613Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492612Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492611Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492610Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492609Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492608Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492607Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492606Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492605Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492604Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492603Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492602Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492601Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492600Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492599Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492598Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492597Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492596Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492595Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492594Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492593Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492592Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:27.130{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056094Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F4-613F-1D0B-00000000F101}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056093Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056092Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056091Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056090Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056089Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056088Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056087Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056086Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056085Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056084Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-29FF-613F-0500-00000000F101}412428C:\Windows\system32\csrss.exe{A3A2E2BF-68F4-613F-1D0B-00000000F101}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056083Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.818{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F4-613F-1D0B-00000000F101}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056082Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.819{A3A2E2BF-68F4-613F-1D0B-00000000F101}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056081Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.443{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBF0A74D2C45A229706DEF1022F1E3E3,SHA256=A22E8C5F8F07379CA07CF0418F10956D6AE656475C88E52C96ECF47D03990023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492734Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.761{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78344FAEB88E371A85FFD0D8B3440A48,SHA256=6D6471BEAD5D062C27F60259A18F7F7D59EFF1275181F418A36CB380CD892092,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492733Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.508{FC24A973-2841-613F-1300-00000000F001}620NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=257887A7DAE9E4E695FA0CF597B7328F,SHA256=8FA499C088CE2D48B99361CC7F08793A30C41E7BBD62CE44155AA557644AC76F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492732Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.292{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EAE21B802CB42A0C10BBDC48A52547A,SHA256=E6C928B8F1745AD9CB8B800A1B124A0EFFCA9D50183A96982F6B45222C7DFA7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492731Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492730Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492729Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492728Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492727Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492726Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492725Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492724Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492723Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492722Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492721Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492720Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492719Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492718Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492717Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492716Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492715Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492714Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492713Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492712Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492711Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492710Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492709Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492708Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492707Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492706Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492705Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492704Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492703Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492702Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492701Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492700Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492699Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492698Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492697Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492696Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492695Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492694Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492693Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492692Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492691Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492690Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492689Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492688Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492687Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492686Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492685Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492684Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492683Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492682Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492681Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492680Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492679Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492678Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492677Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492676Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492675Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492674Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492673Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492672Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492671Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492670Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492669Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492668Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492667Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492666Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492665Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492664Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492663Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:28.161{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000492805Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.763{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92474F42C506961DDF1080D4752D6EFB,SHA256=94582DA681EDFCD7E465D4645FAB92EBF1625FE2AC3AC7D5CFB2F35338CEF3C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056111Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.818{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AAE9E5B7E52BE969891B9DA06A9B372E,SHA256=0B41D2CA1951C850B995DC4BB7C947B1959980023645171E357157647E52F14E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056110Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.818{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0DCDDA530CDA2E221E5508A2CF6959E,SHA256=32D51E0BA7CDFCDA63D2AEB1F6137B7B1A1E626B10EF33DFD85CD02AA4CE30C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000056109Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:28.505{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52976-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000056108Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F5-613F-1E0B-00000000F101}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056107Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056106Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056105Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056104Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056103Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056102Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056101Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056100Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056099Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056098Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-29FF-613F-0500-00000000F101}412528C:\Windows\system32\csrss.exe{A3A2E2BF-68F5-613F-1E0B-00000000F101}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056097Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.490{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F5-613F-1E0B-00000000F101}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056096Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.491{A3A2E2BF-68F5-613F-1E0B-00000000F101}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056095Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:29.443{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13F3D2925828ECE57D4BA2F54F0C2C4D,SHA256=B3E1B95B2B907049B131317CB6808E2A7152E08FBB499AA12595B1CBA194ABB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492804Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.276{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25B2D9C95DC7554396F80105FB884CD7,SHA256=9FEB4553CA908C3B8EA92B98956FF463DF4DC2881BF7D4F63819CE052A531231,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492803Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492802Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492801Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492800Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492799Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492798Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492797Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492796Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492795Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492794Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492793Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492792Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492791Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492790Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492789Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492788Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492787Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492786Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492785Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492784Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492783Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492782Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492781Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492780Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492779Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492778Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492777Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492776Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492775Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492774Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492773Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492772Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492771Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492770Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492769Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492768Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492767Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.207{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492766Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492765Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492764Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492763Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492762Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492761Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492760Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492759Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492758Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492757Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492756Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492755Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492754Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492753Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492752Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492751Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492750Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492749Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492748Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492747Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492746Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492745Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492744Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492743Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492742Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492741Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492740Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492739Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492738Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492737Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492736Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492735Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.192{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056139Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F6-613F-200B-00000000F101}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056138Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056137Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056136Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056135Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056134Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056133Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056132Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056131Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056130Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056129Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-29FF-613F-0500-00000000F101}412988C:\Windows\system32\csrss.exe{A3A2E2BF-68F6-613F-200B-00000000F101}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056128Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F6-613F-200B-00000000F101}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056127Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.881{A3A2E2BF-68F6-613F-200B-00000000F101}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056126Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.490{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAA1C54FC3C52109B9DF28EB3E3DD6AA,SHA256=8E23C0AF1E74E4100CEFF024710348F9E2ED12396E93E1A3273708944DCAD921,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492876Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.776{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F647EA28E8A580BE4345A0920BB82465,SHA256=09B65901F2C057842CB7DA497C6D82074576F4E049C9A71265AED8C1B861190B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000492875Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.492{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35A75AEE56B8400F11915933BABE77A5,SHA256=BE144D0D220B594B469451BAC0F44956F470A3879C08D329F3AF4CD255D1F90A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000492874Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492873Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492872Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492871Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492870Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492869Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492868Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492867Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492866Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492865Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492864Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492863Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492862Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492861Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492860Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492859Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492858Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492857Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492856Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492855Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492854Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492853Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492852Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492851Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492850Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492849Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492848Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492847Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492846Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492845Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492844Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492843Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492842Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492841Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492840Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492839Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492838Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492837Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492836Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492835Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492834Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492833Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492832Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492831Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492830Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492829Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492828Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492827Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492826Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.229{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492825Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492824Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492823Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492822Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492821Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492820Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492819Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.228{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492818Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.227{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492817Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.227{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492816Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.227{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492815Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.227{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492814Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.227{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492813Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.226{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492812Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.226{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492811Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.226{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492810Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.226{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492809Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.225{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492808Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.225{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492807Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.225{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492806Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:30.225{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056125Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.303{A3A2E2BF-68F6-613F-1F0B-00000000F101}18323584C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056124Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F6-613F-1F0B-00000000F101}1832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056123Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056122Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056121Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056120Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056119Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056118Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056117Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056116Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056115Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056114Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-29FF-613F-0500-00000000F101}412428C:\Windows\system32\csrss.exe{A3A2E2BF-68F6-613F-1F0B-00000000F101}1832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056113Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.162{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F6-613F-1F0B-00000000F101}1832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056112Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:30.163{A3A2E2BF-68F6-613F-1F0B-00000000F101}1832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056142Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:31.709{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=699D79C39B2443D621B14A274970C9A1,SHA256=79716C2A96D31CD69941BAB289565379F6D0CAAF81B91FA7DC787770D82A381C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000493071Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:29.744{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49284-false10.0.1.12-8000- 23542300x8000000000000000493070Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.429{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F961538AF6ACA2462E9CBF65CF595728,SHA256=F9D320297DEC205503FE4CD4F2BF94874D51F3B7C2BC5EACD550896154451BFA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493069Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493068Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493067Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493066Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493065Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493064Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493063Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493062Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493061Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493060Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493059Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493058Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493057Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493056Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493055Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493054Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493053Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493052Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493051Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493050Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493049Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493048Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493047Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493046Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493045Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493044Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493043Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493042Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493041Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493040Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493039Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493038Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493037Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493036Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493035Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.307{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493034Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493033Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493032Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493031Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493030Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493029Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493028Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493027Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493026Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493025Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493024Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056141Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:31.224{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AAE9E5B7E52BE969891B9DA06A9B372E,SHA256=0B41D2CA1951C850B995DC4BB7C947B1959980023645171E357157647E52F14E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000056140Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:31.021{A3A2E2BF-68F6-613F-200B-00000000F101}33882808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493023Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493022Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493021Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493020Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493019Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493018Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493017Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493016Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493015Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493014Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493013Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493012Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493011Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493010Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493009Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493008Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493007Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493006Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493005Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493004Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493003Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493002Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493001Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493000Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492999Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492998Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492997Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492996Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492995Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492994Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.292{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492993Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492992Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492991Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492990Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492989Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492988Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492987Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492986Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492985Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492984Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492983Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492982Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492981Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492980Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492979Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492978Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492977Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492976Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492975Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492974Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492973Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492972Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492971Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492970Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492969Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492968Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492967Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.276{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492966Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492965Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492964Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492963Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492962Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492961Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492960Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492959Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492958Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492957Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492956Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492955Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492954Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492953Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492952Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492951Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492950Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492949Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492948Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492947Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492946Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492945Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492944Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492943Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492942Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492941Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492940Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492939Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492938Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492937Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492936Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492935Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492934Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492933Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492932Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492931Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492930Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492929Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492928Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492927Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492926Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492925Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492924Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492923Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492922Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492921Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492920Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492919Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492918Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492917Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492916Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492915Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492914Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492913Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492912Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492911Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492910Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492909Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492908Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492907Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492906Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492905Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492904Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492903Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492902Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492901Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492900Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492899Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492898Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492897Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492896Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492895Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492894Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492893Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492892Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.260{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492891Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492890Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492889Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492888Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492887Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492886Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492885Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492884Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492883Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492882Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492881Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492880Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492879Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492878Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000492877Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:31.245{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056169Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F8-613F-220B-00000000F101}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056168Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056167Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056166Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056165Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056164Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056163Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056162Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056161Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056160Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056159Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-29FF-613F-0500-00000000F101}412988C:\Windows\system32\csrss.exe{A3A2E2BF-68F8-613F-220B-00000000F101}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056158Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.865{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F8-613F-220B-00000000F101}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056157Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.866{A3A2E2BF-68F8-613F-220B-00000000F101}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056156Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.787{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB0CE5416125421FA0EAFB38E30D0428,SHA256=BEC4E285F5836FDB4FF482E98F362C8DB983F2110C9C0C2C892DF01F4F3CEF59,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493143Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.784{FC24A973-2841-613F-0D00-00000000F001}9001100C:\Windows\system32\svchost.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493142Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.399{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA903FFB5E18DD77405E9E6C41177A2E,SHA256=68F6AE47326FB351C107006C1587704113987AEDE753161C0C324FBC672E9D7A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493141Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493140Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493139Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493138Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493137Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056155Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F8-613F-210B-00000000F101}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056154Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056153Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056152Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056151Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056150Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056149Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056148Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056147Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056146Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056145Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-29FF-613F-0500-00000000F101}412988C:\Windows\system32\csrss.exe{A3A2E2BF-68F8-613F-210B-00000000F101}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056144Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.224{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F8-613F-210B-00000000F101}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056143Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.225{A3A2E2BF-68F8-613F-210B-00000000F101}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000493136Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493135Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493134Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493133Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493132Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493131Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493130Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493129Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493128Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493127Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493126Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493125Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493124Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493123Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493122Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493121Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493120Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493119Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493118Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493117Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493116Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493115Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493114Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493113Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493112Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493111Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493110Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493109Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493108Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493107Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493106Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493105Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493104Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493103Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493102Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493101Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.337{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493100Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.336{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493099Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.336{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493098Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493097Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493096Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493095Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493094Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493093Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493092Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.335{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493091Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493090Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493089Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493088Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493087Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493086Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493085Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493084Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493083Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.334{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493082Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.333{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493081Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.333{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493080Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.333{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493079Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.333{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493078Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.333{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493077Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.332{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493076Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.332{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493075Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.332{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493074Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.332{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493073Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.332{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493072Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:32.052{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D3726CC24E50D62F1DD4EF32CAE4D86,SHA256=486D636BF04490FBF801AAD47E8F51DA06EEB56AB9557415C4915F617042CB8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056186Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.849{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B985ABAA9F49147A3279CF9D2D7FEE83,SHA256=7FA020FC3AEDEBEBEF5E1F624E6C7EC0BABF1FA3CE7790CC2FC8165CAAE2DDC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493214Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.514{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B6EBC617D8438206B09274CC1386D52,SHA256=8AA06EB52F53B44D0EDD3E942C511CCDF840CD3F005717C705AA64E8357A85D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493213Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493212Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493211Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493210Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493209Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056185Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.615{A3A2E2BF-68F9-613F-230B-00000000F101}12484036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056184Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A96-613F-AD00-00000000F101}36362124C:\Windows\system32\conhost.exe{A3A2E2BF-68F9-613F-230B-00000000F101}1248C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056183Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056182Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056181Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056180Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056179Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056178Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056177Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056176Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056175Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A00-613F-0C00-00000000F101}7281904C:\Windows\system32\svchost.exe{A3A2E2BF-2A01-613F-1A00-00000000F101}1892C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056174Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-29FF-613F-0500-00000000F101}412528C:\Windows\system32\csrss.exe{A3A2E2BF-68F9-613F-230B-00000000F101}1248C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056173Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.490{A3A2E2BF-2A96-613F-A900-00000000F101}20683952C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A3A2E2BF-68F9-613F-230B-00000000F101}1248C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056172Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.491{A3A2E2BF-68F9-613F-230B-00000000F101}1248C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A3A2E2BF-2A00-613F-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056171Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:33.365{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2535CAB5B349EF84BEF3A6393ECF1E59,SHA256=4078B3078A7893DFB53E708D4B5DBD344AE2D4A58EBD7B56B9A8960F4219A981,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000056170Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:32.990{A3A2E2BF-68F8-613F-220B-00000000F101}3256772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A3A2E2BF-2A96-613F-A900-00000000F101}2068C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493208Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493207Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493206Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493205Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493204Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493203Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493202Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493201Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493200Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493199Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493198Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493197Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493196Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493195Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493194Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493193Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493192Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.367{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493191Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493190Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493189Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493188Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493187Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493186Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493185Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493184Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493183Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493182Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493181Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493180Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493179Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493178Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493177Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493176Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493175Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493174Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493173Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493172Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493171Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493170Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493169Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493168Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493167Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493166Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493165Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493164Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493163Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493162Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493161Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493160Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493159Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493158Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493157Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493156Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493155Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493154Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493153Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493152Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493151Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493150Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493149Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493148Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493147Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493146Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493145Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.352{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493144Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:33.068{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF2A9B7323C54CB4D7C512CA8F3800FC,SHA256=349AEEF57B648DE693101228CD5AA3088D33BDA00FAFB5309E22B619B9214DB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056188Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:34.959{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DA467149F2E7656A12591491D330961,SHA256=D94625E363F447A1A11D5598667F5C307085AC69F7874A1B5ABC5209FFAD0923,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493285Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.469{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=342C2562897B3A080679AFF4EB660C04,SHA256=EF63D972E8D2C178A8CBBCF5E436A579DCE709C7C3D788B485FBAEF371F537F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493284Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493283Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493282Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493281Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493280Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056187Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:34.506{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B62505FA1F8C6DF537016BE35C078C5C,SHA256=2E7EBA06EF50E1603A974E26C6013C614AAA6754FBE2DBCE09525E9227BB501C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493279Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493278Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493277Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493276Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493275Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493274Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493273Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493272Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493271Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493270Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493269Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493268Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493267Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493266Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493265Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493264Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493263Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493262Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493261Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493260Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493259Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493258Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493257Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493256Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493255Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493254Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493253Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493252Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493251Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493250Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493249Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493248Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493247Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493246Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493245Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493244Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493243Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493242Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493241Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493240Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493239Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493238Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493237Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493236Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493235Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493234Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493233Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493232Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493231Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493230Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493229Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493228Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493227Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493226Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493225Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493224Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493223Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493222Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493221Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493220Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493219Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493218Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493217Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493216Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.368{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493215Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.114{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0420735E5BD6AE422FFB3F28744B569A,SHA256=EF140805E1004B47D78CEB5127DD4AB8EBBD493CC1D6928071A64008724F6424,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000056191Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:34.318{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52977-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000056190Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:35.975{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A4F9B0E0DCA9EA91732A7B599D882D5,SHA256=9EF20C9713AB5FAD3A4B34FD178AE0E1353D9F57BADFB23FE279DC3320E5DFBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493356Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.570{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44CCEF3F71E6BE5B72ADBCADABD313ED,SHA256=15CDA749FAFF41AD055E44DD5C116F324B1E516E66C37BB707112B726B316603,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493355Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493354Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493353Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493352Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493351Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056189Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:35.540{A3A2E2BF-2A01-613F-1C00-00000000F101}1920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0ad9bd5820c05425d\channels\health\respondent-20210913103755-261MD5=E12FD42937DF109AB88C2B38C18BE901,SHA256=830D9C0C77C04B10D3A52B9403BBC66CCA5F417E84542138AFAA57FC3CEE0FFE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493350Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493349Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493348Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493347Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493346Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.401{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493345Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493344Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493343Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493342Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493341Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493340Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493339Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493338Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493337Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493336Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493335Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493334Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493333Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493332Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493331Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493330Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493329Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493328Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493327Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493326Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493325Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493324Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493323Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493322Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493321Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493320Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493319Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493318Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493317Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493316Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493315Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493314Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493313Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493312Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493311Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493310Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493309Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493308Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493307Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493306Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493305Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493304Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493303Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493302Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493301Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493300Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493299Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493298Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493297Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493296Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493295Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493294Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493293Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493292Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493291Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493290Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493289Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493288Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493287Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.386{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493286Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:35.154{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD919367D6A8EC5A65C36A394ED7D78D,SHA256=03A1ED1577CAA8939426CFAD7F8125F4C78A10D03A52DD5AF88F0AC359C64DC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056193Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:36.995{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F2E321C884830FB63B66B1F1EF3E0B3,SHA256=838FC9AE4B3EFA95C3B6F19CEEB0E5AAFCE9291ED51E51B4E6175DD74D29A8D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493428Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.685{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7BEC2B4D37FBF827C3E72DA9A75CE20,SHA256=6CD12B2FD593C0A7B94B52731212B729A91EE0899405EE3FE92E2B42C39B0FF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000493427Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:34.799{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49285-false10.0.1.12-8000- 10341000x8000000000000000493426Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.438{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493425Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.438{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493424Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.438{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493423Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.438{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493422Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.437{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056192Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:36.553{A3A2E2BF-2A01-613F-1C00-00000000F101}1920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0ad9bd5820c05425d\channels\health\surveyor-20210913103753-262MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493421Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.437{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493420Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.437{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493419Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.437{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493418Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.437{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493417Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.436{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493416Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.435{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493415Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.435{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493414Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.435{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493413Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.434{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493412Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.434{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493411Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.434{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493410Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.434{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493409Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.434{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493408Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.433{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493407Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.433{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493406Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.433{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493405Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.433{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493404Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493403Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493402Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493401Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493400Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493399Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493398Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493397Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493396Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493395Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493394Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493393Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493392Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493391Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493390Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493389Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493388Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493387Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493386Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493385Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493384Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493383Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493382Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493381Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493380Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493379Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493378Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493377Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493376Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493375Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493374Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493373Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493372Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493371Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493370Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493369Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493368Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493367Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493366Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493365Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493364Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493363Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493362Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493361Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493360Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493359Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493358Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.417{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493357Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:36.201{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B01867876C06A80A4DDB417CEEC834E,SHA256=BF822181AA6566906F46AA539E32ED0960688F01475F5FBFAC3FDC44BF045B66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000056194Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:37.996{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC81B26A091633C01397133BB21B0C03,SHA256=9931FA3EE8D8CFD106E3A31723792CD419A7452D581896D71532623BB8E15C7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493500Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.502{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=233E348870E1B722E88D13DEEC9D14FA,SHA256=C49F9E77EE025B29B1CC48B2A50B0F40C3C5C9631CD83901F8E68972F4DEFE5B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493499Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.455{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493498Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.455{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493497Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.455{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493496Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.455{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493495Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.455{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493494Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493493Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493492Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493491Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493490Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493489Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493488Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493487Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493486Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493485Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493484Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493483Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493482Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493481Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493480Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493479Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493478Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493477Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493476Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493475Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493474Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493473Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493472Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493471Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493470Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493469Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493468Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493467Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493466Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493465Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493464Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493463Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493462Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493461Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493460Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493459Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493458Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493457Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493456Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493455Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493454Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493453Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493452Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493451Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493450Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493449Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493448Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493447Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493446Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493445Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493444Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493443Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493442Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493441Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493440Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493439Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493438Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493437Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493436Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493435Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493434Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493433Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493432Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493431Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.440{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493430Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.217{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC2475B5F6D4CBB1606997F75C7B3E0E,SHA256=E8602BD94C6C75415E2397AA9A492F10502C16463E32CADC3E2BFD7DA2E33D57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493429Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:37.035{FC24A973-2851-613F-2900-00000000F001}2932NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0f5976c4018dd9016\channels\health\respondent-20210913103046-268MD5=F63FAFE4E21265A38C0325A55F6338BE,SHA256=979E4129C2646E2A92CAE8CB35FA28FA3096F2A4B9651F7896DB8268DB2AEC8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493572Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.656{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED45DDDE12B52EC225B8549664CEA080,SHA256=B922C9820637DF570F8CFFC5D23E5640BD60204A525E4FD61502BF4AAF1C90B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493571Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493570Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493569Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493568Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493567Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493566Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493565Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493564Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493563Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493562Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493561Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493560Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493559Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493558Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493557Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493556Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493555Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493554Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493553Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493552Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493551Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493550Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493549Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493548Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493547Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493546Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493545Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493544Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493543Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493542Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493541Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493540Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493539Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493538Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493537Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493536Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493535Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493534Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493533Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493532Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493531Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493530Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493529Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493528Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493527Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493526Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493525Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493524Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493523Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493522Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493521Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493520Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493519Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493518Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493517Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493516Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493515Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493514Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493513Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493512Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493511Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493510Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493509Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493508Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493507Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493506Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493505Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493504Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493503Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.471{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493502Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.218{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8C47C40E62FA9AF237D673389DD8009,SHA256=D697ED5B6863DAD9D742464CD565D2CB704A7A0BC411FC20E84F6660FF2C0F3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493501Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:38.035{FC24A973-2851-613F-2900-00000000F001}2932NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0f5976c4018dd9016\channels\health\surveyor-20210913103042-269MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493643Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.603{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A734BD8D9A1EDBE28F22E599C98A4FA,SHA256=AE48008188D263EF2845AE8CB1309EB5D93155A4C4E6832E17ADB1437F8CBFA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493642Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493641Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493640Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493639Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493638Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056195Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:39.012{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BDAAB8F7E5D6B00217E2BE12446AE60,SHA256=12895FE40743BA8BCAE26B13CB9AEB25C1B1AEF6E04AFAD57FD1E584B258A5AB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493637Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493636Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493635Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493634Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.504{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493633Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493632Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493631Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493630Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493629Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493628Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493627Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493626Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493625Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493624Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493623Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493622Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493621Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493620Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493619Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493618Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493617Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493616Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493615Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493614Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493613Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493612Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493611Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493610Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493609Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493608Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493607Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493606Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493605Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493604Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493603Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493602Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493601Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493600Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493599Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493598Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493597Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493596Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493595Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493594Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493593Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493592Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493591Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493590Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493589Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493588Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493587Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493586Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493585Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493584Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493583Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493582Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493581Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493580Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493579Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493578Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493577Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493576Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493575Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493574Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.489{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493573Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.219{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6F937C722E8A6E940100CB7E56643EE,SHA256=BFE85B6911D89F5FD895C7F54527E629841BF3C7DC35AD6310AF70423F6541A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000493714Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.718{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9370AB72A9D6429AD33A2FD44A1EC813,SHA256=3A32BC04DF9AA602FD4BE1BFD004945AD4B7F8765DC1713183A6FB2B563E6167,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493713Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493712Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493711Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493710Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493709Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000056197Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:39.527{A3A2E2BF-2A9D-613F-D700-00000000F101}3424C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local52978-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000056196Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:40.027{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C18ED365D4FD86A0F8538B2A9C7728BA,SHA256=784FF4B59DE864AD0BD8F9CD1C3847992387F9BD85EA03D2AA02CB95045870A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493708Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493707Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493706Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493705Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.540{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493704Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.539{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493703Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.539{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493702Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.539{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493701Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.538{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493700Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.538{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493699Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.538{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493698Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.538{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493697Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.538{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493696Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.538{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493695Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.537{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493694Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.537{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493693Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.536{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493692Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.536{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493691Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.536{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493690Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.535{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493689Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.534{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493688Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.534{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493687Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493686Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493685Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493684Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493683Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493682Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493681Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493680Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493679Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493678Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493677Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493676Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493675Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493674Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493673Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493672Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493671Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493670Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493669Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493668Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493667Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493666Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493665Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493664Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493663Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493662Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493661Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493660Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493659Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493658Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493657Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493656Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493655Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493654Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493653Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493652Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493651Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493650Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493649Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493648Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493647Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493646Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493645Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.519{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493644Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:40.238{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11EF3B7A5C19A11B90D49565CD90F8A,SHA256=BA1334AD8C80E8EEA19FD7FD2FDEC3D9C28131287EE838B07CBECBC8A267C0A1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000493938Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:39.918{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-410.attackrange.local49286-false10.0.1.12-8000- 23542300x8000000000000000493937Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.702{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26BD53CA30EA72A123A0DA01DF3956D5,SHA256=C71DC8FA2844A98770EA701EC166F1BAAB8AD1217513E4E92969F97EA6250392,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493936Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493935Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493934Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493933Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493932Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493931Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493930Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.618{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493929Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493928Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493927Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493926Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493925Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493924Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493923Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493922Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493921Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493920Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493919Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493918Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493917Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493916Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493915Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493914Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493913Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493912Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493911Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493910Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F808-00000000F001}2116C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493909Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493908Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493907Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493906Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493905Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493904Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.602{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493903Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493902Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493901Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493900Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493899Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493898Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493897Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493896Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493895Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493894Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493893Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493892Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-BA0D-00000000F001}6872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493891Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056198Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-09-13 15:06:41.027{A3A2E2BF-2AA3-613F-E000-00000000F101}3068NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BC486E8C5333A28315789F00FE75620,SHA256=8DB20E272B6AD194A024D1C9D05230863BE93BC892D23144B8C3DEA11327F27C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493890Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-68C5-613F-B90D-00000000F001}432C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493889Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493888Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6767-613F-8C0D-00000000F001}4424C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493887Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493886Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-6614-613F-660D-00000000F001}1964C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493885Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493884Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-65B5-613F-550D-00000000F001}5444C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493883Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493882Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-648A-613F-2E0D-00000000F001}1972C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493881Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493880Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-638D-613F-0F0D-00000000F001}4740C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493879Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493878Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DC0A-00000000F001}4420C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493877Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493876Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5336-613F-DB0A-00000000F001}4232C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493875Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493874Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5286-613F-B60A-00000000F001}3492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493873Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493872Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5281-613F-B50A-00000000F001}7092C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493871Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493870Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B40A-00000000F001}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493869Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493868Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B30A-00000000F001}5048C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493867Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493866Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-5280-613F-B20A-00000000F001}6472C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493865Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493864Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527F-613F-B10A-00000000F001}6604C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493863Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493862Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-527C-613F-B00A-00000000F001}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493861Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493860Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4E53-613F-0A0A-00000000F001}4156C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493859Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493858Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F209-00000000F001}7112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493857Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493856Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4DDB-613F-F109-00000000F001}4892C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493855Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493854Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475D-613F-2409-00000000F001}5204C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493853Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493852Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493851Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493850Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474D-613F-0E09-00000000F001}1140C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493849Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493848Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0509-00000000F001}4536C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493847Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493846Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.587{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-474C-613F-0209-00000000F001}3520C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493845Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493844Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4749-613F-FC08-00000000F001}2176C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493843Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493842Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-4748-613F-F908-00000000F001}1080C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493841Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493840Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-28CC-613F-9300-00000000F001}2364C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493839Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493838Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2867-613F-7600-00000000F001}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493837Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493836Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2860-613F-6D00-00000000F001}3348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493835Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493834Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2856-613F-4800-00000000F001}3796C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493833Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493832Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2855-613F-4700-00000000F001}3780C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493831Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493830Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2853-613F-3700-00000000F001}3392C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493829Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493828Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3300-00000000F001}3144C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493827Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493826Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3100-00000000F001}2296C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493825Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493824Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-3000-00000000F001}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493823Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493822Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2F00-00000000F001}2304C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493821Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493820Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2E00-00000000F001}2280C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493819Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493818Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2D00-00000000F001}1496C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493817Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493816Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2C00-00000000F001}1604C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493815Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493814Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2852-613F-2B00-00000000F001}2188C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493813Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493812Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2A00-00000000F001}3024C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493811Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493810Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2900-00000000F001}2932C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493809Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493808Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493807Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493806Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493805Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493804Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493803Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493802Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493801Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493800Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493799Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493798Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493797Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493796Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493795Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493794Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493793Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493792Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493791Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493790Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493789Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493788Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493787Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493786Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493785Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493784Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493783Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493782Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493781Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493780Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.571{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493779Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493778Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493777Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493776Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493775Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493774Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493773Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493772Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493771Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493770Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493769Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2700-00000000F001}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493768Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2851-613F-2600-00000000F001}2784C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493767Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-284B-613F-2300-00000000F001}2604C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493766Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2200-00000000F001}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493765Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2846-613F-2100-00000000F001}2504C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493764Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1E00-00000000F001}2096C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493763Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1700-00000000F001}1500C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493762Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1600-00000000F001}1316C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493761Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2842-613F-1500-00000000F001}1244C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493760Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1400-00000000F001}1068C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493759Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1300-00000000F001}620C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493758Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1200-00000000F001}480C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493757Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1100-00000000F001}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493756Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-1000-00000000F001}360C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493755Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0F00-00000000F001}292C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493754Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0E00-00000000F001}1000C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493753Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0D00-00000000F001}900C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493752Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-2841-613F-0C00-00000000F001}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493751Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0B00-00000000F001}632C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493750Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0A00-00000000F001}624C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493749Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0900-00000000F001}572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493748Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0800-00000000F001}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493747Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0700-00000000F001}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493746Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283F-613F-0500-00000000F001}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493745Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0200-00000000F001}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493744Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.555{FC24A973-529C-613F-BF0A-00000000F001}56525732C:\Users\Administrator\Downloads\procexp64.exe{FC24A973-283C-613F-0100-00000000F001}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000493743Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.335{FC24A973-2867-613F-7600-00000000F001}524NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21FA91EFA7812487D6F7D043A0E885F7,SHA256=A4AB70D4D019406A92608517175B8F74CBD98C213E304DA4BF36DF221883B83F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000493742Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.103{FC24A973-2841-613F-0D00-00000000F001}900920C:\Windows\system32\svchost.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493741Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.103{FC24A973-2841-613F-0D00-00000000F001}900920C:\Windows\system32\svchost.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493740Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.103{FC24A973-2841-613F-0D00-00000000F001}900920C:\Windows\system32\svchost.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493739Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.103{FC24A973-2841-613F-0D00-00000000F001}900920C:\Windows\system32\svchost.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493738Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.103{FC24A973-2841-613F-0D00-00000000F001}900920C:\Windows\system32\svchost.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493737Microsoft-Windows-Sysmon/Operationalwin-dc-410.attackrange.local-2021-09-13 15:06:41.103{FC24A973-2841-613F-0D00-00000000F001}900920C:\Windows\system32\svchost.exe{FC24A973-475B-613F-2309-00000000F001}3804C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 103