23542300x800000000000000035789Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.871{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\O4I2YE29AG\System.ComponentModel.Composition.ni.dll.auxMD5=694406FEC9A4D3335D220AADB0FA8797,SHA256=45E44499273F3E2F07640B16480103FEAE49022794D70F6B761C1B8A7D283CFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035788Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.871{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\O4I2YE29AG\System.ComponentModel.Composition.ni.dllMD5=0632FC2C8FE933134DC4039823BF7DDA,SHA256=65074EB6B679C8BEFA936EC373CCFDB9EAE1A71563936A3F77DDE751164D8143,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035787Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.824{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NYU4M9NQO7\System.Drawing.ni.dll.auxMD5=AE1806558A5233CA0895E229CA9A5CDD,SHA256=BF8A1C5F9A51673F43C265FD747004440EA4B3BC1CE92378D2A9C6B197995F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035786Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.824{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NYU4M9NQO7\System.Drawing.ni.dllMD5=FDBA63CB8F1C68D60D66AC4C25A52A2D,SHA256=9DFCA47793FC5BA5B8158ABB6E3487263E7967F0CD4533083D465AB38EA2018C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035785Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.714{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NVJRBVWD7A\System.Core.ni.dll.auxMD5=48FFD457B52D2283A43AAA2D8D7B2895,SHA256=529CDC113FC10D5542623FECA65BED08EF6A85D46AD9F372D32D25C91224FB54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035784Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.714{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NVJRBVWD7A\System.Core.ni.dllMD5=783B07F6DC4FEB9350CE7157E6240EA5,SHA256=A3CDC262830D14397834BF31D00E6F5179BFA6B9E570BD76C623E6033A0FF60D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035783Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.371{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NSCDQAJZZE\System.Data.ni.dll.auxMD5=CC9F9CB4F637C42741255EF17203B47C,SHA256=370A27D995B8AC7DEC609867B2B7BBEA89A465AB01320C77D7F8CB57793DC76B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035782Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.371{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NSCDQAJZZE\System.Data.ni.dllMD5=4CE9DA541633C93EAE8D016C36CA6BF4,SHA256=08E8F1F9463152B6AABF02E6A7CB02A2DA4608AD745320837A9718B87B52AA29,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035781Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.339{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99028A8592E4F9BD5383DE36046F77B2,SHA256=42776077032AA2F1591B39C47EB4B7FCD674EB28B9434080BCFF15F0EDE53F4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013423Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:11.022{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E67C6429BE67F0366C3403800E6F6E15,SHA256=4C84149DA90468408BBDB771CF8997D916C9889967FE31474A62308E889F713F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035780Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.042{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NO21KQA2HF\System.Configuration.Install.ni.dll.auxMD5=0CBC2C9737233F80F1C8DD57CE1AE88C,SHA256=6E18B2C2DFA32D6F4925D1BBE903FD9049472C36261FEBA8DD59628E8C6A9F30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035779Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.042{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NO21KQA2HF\System.Configuration.Install.ni.dllMD5=2582241664CA944A32E31176A66CF0C6,SHA256=B7C2F435943924E46E604D1D35C1835920CC706BF320D85179E53CA0F84354FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035778Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.027{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NL4EC7YXBV\System.Data.ni.dll.auxMD5=EDB7CB075A217959013CD75CE405CCD2,SHA256=240A71F1AF20552B564ACE0F494BDFFCA2B3982D62D762D1E71E6E1535797972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035777Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:11.027{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NL4EC7YXBV\System.Data.ni.dllMD5=7ABB236413DDD5D4953BB3A2C663E53F,SHA256=D14A3A1F1851D9FD244CBF574F22A3B94B05FBBBC6147381E68F694AD59574E3,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000035800Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:10.428{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59190-false10.0.1.12-8000- 23542300x800000000000000035799Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.761{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=372ED2E333573FDB6830A52AF2E5A46E,SHA256=A4B4B8B22D7AE41243BD36AA1C2188E74D524F80C472165AD263B027E5FD8C03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035798Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.730{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OOS41VYSH3\System.DirectoryServices.ni.dll.auxMD5=5BE283A9E68591B32773566F147A211F,SHA256=83CFFD1BAEA158353574578F2145C054F207526C8E544F114652C4EF01713BAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035797Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.730{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OOS41VYSH3\System.DirectoryServices.ni.dllMD5=8CE05080E8212D45575DB5EC52382363,SHA256=B2960982ADB25974561E8356470B1234CDEC00F5FDBAFDC39F221B37F914433E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035796Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.683{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OFVXZGR1VK\System.ni.dll.auxMD5=F5E454AFEA99BF074A1D3313654C9C7C,SHA256=15FFAD8EC46C0265F01EE5C5891650A8C1D7D481080057D01EC1F0B597D009F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035795Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.683{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OFVXZGR1VK\System.ni.dllMD5=D60796FB70D97A574714D0C77F93D97D,SHA256=A1C4314F753DA4EE230B0AB995A4F9EC872F35780174F6E060A1DF56EBBBD6EF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035794Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.371{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5D1BE468C2540F497A0952C3A06EE66,SHA256=2BC681C4B5072557DBDE450BADDAF1E9274DC0F5E8A1DA2DC7627169AFEEA01E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013424Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:12.038{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77964EE68C26A90DA46D80CD74C5DD92,SHA256=F019DD82BCC7DD365C96205AB7C2F955E19007DDAAF1EAF56B7D0995C37D72D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035793Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.152{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OD8WEIQHVA\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035792Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.152{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OD8WEIQHVA\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035791Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.136{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\O8XCWSNQV8\System.Core.ni.dll.auxMD5=EB3705BF415BBFABE3EEF435BB9CAADD,SHA256=19E4BFB51F3918297F82E34403F9F1935B17BBC2A78E6C4247D6089C94C8BF15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035790Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:12.136{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\O8XCWSNQV8\System.Core.ni.dllMD5=D34A762C6315A7E500BD3DC88FEDD43D,SHA256=80E62A15C9EB0FAB896B1D0A216D1C3AB4C103B8F957DB46C14E6DD9614D43FC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035814Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.699{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PC4QJUM510\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035813Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.683{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PC4QJUM510\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035812Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.683{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P5RBFV7DTM\System.Management.ni.dll.auxMD5=9E113C3F173739443B36B19DD5C6669B,SHA256=E6D1A62EA7C191912AA011D805E8000EE89FE7281E888EF7A398F4FBA9AC4182,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035811Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.683{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P5RBFV7DTM\System.Management.ni.dllMD5=545B093E8C7408982436090E8E13BA3C,SHA256=CFFD545D318D02B523B06E28AFD09A3649D013965B45986CFCAEE54A07AF0C1A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035810Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.636{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P3LFTWOA7M\System.Core.ni.dll.auxMD5=0B7B3547A6755335583D2C975D27717F,SHA256=CB5ECB0625E0E2D5C2A864279FFAFC96048F0E10B0A47437B6CA6D8FA2DAE6E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035809Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.636{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P3LFTWOA7M\System.Core.ni.dllMD5=90F0732AF7D2F9207DEA5BD7ECAD33B0,SHA256=C929FD867AE7413965067562351E1DFA8D05721D5A6151A3B575EB94B970F923,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035808Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.417{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4194144F61898BBF857C117ED3671C0E,SHA256=2DF7B9136FA8B800D7320BD3ADA1EF5081210B5D45909C1C1B2444C398F147B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013425Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:13.085{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98B13B6C3D9B809E4DA46608AE1D2DE0,SHA256=7554D079BC115C5F68652937CCCEBB7DEF9CBF680BE7DC684343CF4167ABE7C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035807Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.261{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P1WYFUDXSN\System.Security.ni.dll.auxMD5=74E5478F4A51B682700233CD6B7C05DC,SHA256=4BC93A21F6F5BE0B8E4ACFB6F96A6F3B1444A8310826E2CCC4DD8862E4D6F3E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035806Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.261{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P1WYFUDXSN\System.Security.ni.dllMD5=D518D6481A2B6037B8E61101718E6EB3,SHA256=154839515F16941BB2AB2FF9716A5CBCA5FECCD9CEAF9D0D51BA9797F3B98721,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035805Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.246{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P0RK1OW14J\System.Configuration.ni.dll.auxMD5=F07B09293E0492E71E96C7A764BB524D,SHA256=A24285135DCD60675A12C5E36DF5B3FD7AEEEACFD305973C262A0C73053C7703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035804Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.246{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P0RK1OW14J\System.Configuration.ni.dllMD5=B0386808CBC978446F0D8638C53F9F02,SHA256=7E05166D981CF6FA3157EE088305E2B901B9721FCED6370E9D1CE7511A71AC64,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000035803Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.167{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OXYH1ETAXY\System.Core.ni.dll.auxMD5=5DCD12C73B9F94AD86DD5CCFF0961B76,SHA256=F48412CADA48829BCA494224CE73B46166853194748E6A93117C35D3A388A473,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000035802Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.167{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OXYH1ETAXY\System.Core.ni.dllMD5=0AA216B359BB985E91C06D6CEC347EF2,SHA256=5EDE9B67C3A3A41FCC240B0D7F27764343BD8C1BB1EAC39F441E00C6E5066C92,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000035801Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:13.089{7BD73061-65B2-613B-0D00-00000000F001}8925164C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000036425Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch.exe|26836f160b2136d8\BinProductVersion2.33.0.2 13241300x800000000000000036424Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch.exe|26836f160b2136d8\LinkDate08/24/2021 10:09:53 13241300x800000000000000036423Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch.exe|26836f160b2136d8\Publisherthe git development community 13241300x800000000000000036422Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch.exe|26836f160b2136d8\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fetch.exe 13241300x800000000000000036421Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch-pack.e|eaa13da8b960bb8f\BinProductVersion2.33.0.2 13241300x800000000000000036420Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch-pack.e|eaa13da8b960bb8f\LinkDate08/24/2021 10:09:53 13241300x800000000000000036419Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch-pack.e|eaa13da8b960bb8f\Publisherthe git development community 13241300x800000000000000036418Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fetch-pack.e|eaa13da8b960bb8f\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fetch-pack.exe 13241300x800000000000000036417Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-import.|6e2bb2de2d0c9142\BinProductVersion2.33.0.2 13241300x800000000000000036416Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-import.|6e2bb2de2d0c9142\LinkDate08/24/2021 10:09:53 13241300x800000000000000036415Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-import.|6e2bb2de2d0c9142\Publisherthe git development community 13241300x800000000000000036414Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-import.|6e2bb2de2d0c9142\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fast-import.exe 13241300x800000000000000036413Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-export.|a89216de984913cf\BinProductVersion2.33.0.2 13241300x800000000000000036412Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-export.|a89216de984913cf\LinkDate08/24/2021 10:09:53 13241300x800000000000000036411Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-export.|a89216de984913cf\Publisherthe git development community 13241300x800000000000000036410Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fast-export.|a89216de984913cf\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fast-export.exe 13241300x800000000000000036409Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-env--helper.|2c74ba6e4fc1d4ec\BinProductVersion2.33.0.2 13241300x800000000000000036408Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-env--helper.|2c74ba6e4fc1d4ec\LinkDate08/24/2021 10:09:53 13241300x800000000000000036407Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-env--helper.|2c74ba6e4fc1d4ec\Publisherthe git development community 13241300x800000000000000036406Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-env--helper.|2c74ba6e4fc1d4ec\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-env--helper.exe 13241300x800000000000000036405Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-difftool.exe|903a2ba27de6fa88\BinProductVersion2.33.0.2 13241300x800000000000000036404Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-difftool.exe|903a2ba27de6fa88\LinkDate08/24/2021 10:09:53 13241300x800000000000000036403Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-difftool.exe|903a2ba27de6fa88\Publisherthe git development community 13241300x800000000000000036402Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-difftool.exe|903a2ba27de6fa88\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-difftool.exe 13241300x800000000000000036401Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff.exe|fe3e1c9d29f52286\BinProductVersion2.33.0.2 13241300x800000000000000036400Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff.exe|fe3e1c9d29f52286\LinkDate08/24/2021 10:09:53 13241300x800000000000000036399Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff.exe|fe3e1c9d29f52286\Publisherthe git development community 13241300x800000000000000036398Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff.exe|fe3e1c9d29f52286\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-diff.exe 13241300x800000000000000036397Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-tree.ex|d17f2f481ab32d12\BinProductVersion2.33.0.2 13241300x800000000000000036396Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-tree.ex|d17f2f481ab32d12\LinkDate08/24/2021 10:09:53 13241300x800000000000000036395Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-tree.ex|d17f2f481ab32d12\Publisherthe git development community 13241300x800000000000000036394Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-tree.ex|d17f2f481ab32d12\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-diff-tree.exe 13241300x800000000000000036393Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-index.e|3e5a108a9f567115\BinProductVersion2.33.0.2 13241300x800000000000000036392Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-index.e|3e5a108a9f567115\LinkDate08/24/2021 10:09:53 13241300x800000000000000036391Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-index.e|3e5a108a9f567115\Publisherthe git development community 13241300x800000000000000036390Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-index.e|3e5a108a9f567115\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-diff-index.exe 13241300x800000000000000036389Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-files.e|4b52f8fbf7fa68d0\BinProductVersion2.33.0.2 13241300x800000000000000036388Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-files.e|4b52f8fbf7fa68d0\LinkDate08/24/2021 10:09:53 13241300x800000000000000036387Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-files.e|4b52f8fbf7fa68d0\Publisherthe git development community 13241300x800000000000000036386Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-diff-files.e|4b52f8fbf7fa68d0\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-diff-files.exe 13241300x800000000000000036385Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-describe.exe|ca93040df5afaed5\BinProductVersion2.33.0.2 13241300x800000000000000036384Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-describe.exe|ca93040df5afaed5\LinkDate08/24/2021 10:09:53 13241300x800000000000000036383Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-describe.exe|ca93040df5afaed5\Publisherthe git development community 13241300x800000000000000036382Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-describe.exe|ca93040df5afaed5\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-describe.exe 13241300x800000000000000036381Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\BinProductVersion2.33.0.2 13241300x800000000000000036380Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\LinkDate08/24/2021 10:09:53 13241300x800000000000000036379Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\Publisherthe git development community 13241300x800000000000000036378Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-daemon.exe 13241300x800000000000000036377Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential.e|7fcfd8585219b3da\BinProductVersion2.33.0.2 13241300x800000000000000036376Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential.e|7fcfd8585219b3da\LinkDate08/24/2021 10:09:53 13241300x800000000000000036375Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential.e|7fcfd8585219b3da\Publisherthe git development community 13241300x800000000000000036374Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential.e|7fcfd8585219b3da\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential.exe 13241300x800000000000000036373Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\BinProductVersion(Empty) 13241300x800000000000000036372Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036371Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\Publisher(Empty) 13241300x800000000000000036370Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-wincred.exe 13241300x800000000000000036369Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-s|f72ca269558b1404\BinProductVersion2.33.0.2 13241300x800000000000000036368Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-s|f72ca269558b1404\LinkDate08/24/2021 10:09:53 13241300x800000000000000036367Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-s|f72ca269558b1404\Publisherthe git development community 13241300x800000000000000036366Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-s|f72ca269558b1404\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-store.exe 13241300x800000000000000036365Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|55d73dc387b631bc\BinProductVersion1.20.0.0 13241300x800000000000000036364Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|55d73dc387b631bc\LinkDate09/05/2019 15:02:13 13241300x800000000000000036363Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|55d73dc387b631bc\Publishermicrosoft corporation 13241300x800000000000000036362Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|55d73dc387b631bc\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-manager.exe 13241300x800000000000000036361Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|425ee5c501baf173\BinProductVersion2.0.498.0 13241300x800000000000000036360Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|425ee5c501baf173\LinkDate09/05/2039 11:03:58 13241300x800000000000000036359Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|425ee5c501baf173\Publishergit-credential-manager-core 13241300x800000000000000036358Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-m|425ee5c501baf173\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-manager-core.exe 13241300x800000000000000036357Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\BinProductVersion(Empty) 13241300x800000000000000036356Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\LinkDate01/01/1970 00:00:00 13241300x800000000000000036355Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\Publisher(Empty) 13241300x800000000000000036354Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\LowerCaseLongPathc:\program files\git\mingw64\bin\git-credential-helper-selector.exe 13241300x800000000000000036353Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|2da56af252cfcd16\BinProductVersion2.33.0.2 13241300x800000000000000036352Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|2da56af252cfcd16\LinkDate08/24/2021 10:09:53 13241300x800000000000000036351Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|2da56af252cfcd16\Publisherthe git development community 13241300x800000000000000036350Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|2da56af252cfcd16\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-cache.exe 13241300x800000000000000036349Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|17175c202eed73b7\BinProductVersion2.33.0.2 13241300x800000000000000036348Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|17175c202eed73b7\LinkDate08/24/2021 10:09:53 13241300x800000000000000036347Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|17175c202eed73b7\Publisherthe git development community 13241300x800000000000000036346Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-credential-c|17175c202eed73b7\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-cache--daemon.exe 13241300x800000000000000036345Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-count-object|9f950d53a6a442ff\BinProductVersion2.33.0.2 13241300x800000000000000036344Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-count-object|9f950d53a6a442ff\LinkDate08/24/2021 10:09:53 13241300x800000000000000036343Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-count-object|9f950d53a6a442ff\Publisherthe git development community 13241300x800000000000000036342Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-count-object|9f950d53a6a442ff\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-count-objects.exe 13241300x800000000000000036341Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-config.exe|e75be4b0a6770696\BinProductVersion2.33.0.2 13241300x800000000000000036340Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-config.exe|e75be4b0a6770696\LinkDate08/24/2021 10:09:53 13241300x800000000000000036339Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-config.exe|e75be4b0a6770696\Publisherthe git development community 13241300x800000000000000036338Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-config.exe|e75be4b0a6770696\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-config.exe 13241300x800000000000000036337Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit.exe|6e74d5dae67b444b\BinProductVersion2.33.0.2 13241300x800000000000000036336Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit.exe|6e74d5dae67b444b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036335Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit.exe|6e74d5dae67b444b\Publisherthe git development community 13241300x800000000000000036334Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit.exe|6e74d5dae67b444b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-commit.exe 13241300x800000000000000036333Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-tree.|e83233ce3cd9ee79\BinProductVersion2.33.0.2 13241300x800000000000000036332Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-tree.|e83233ce3cd9ee79\LinkDate08/24/2021 10:09:53 13241300x800000000000000036331Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-tree.|e83233ce3cd9ee79\Publisherthe git development community 13241300x800000000000000036330Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-tree.|e83233ce3cd9ee79\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-commit-tree.exe 13241300x800000000000000036329Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-graph|d249b2d5436de447\BinProductVersion2.33.0.2 13241300x800000000000000036328Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-graph|d249b2d5436de447\LinkDate08/24/2021 10:09:53 13241300x800000000000000036327Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-graph|d249b2d5436de447\Publisherthe git development community 13241300x800000000000000036326Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-commit-graph|d249b2d5436de447\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-commit-graph.exe 13241300x800000000000000036325Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-column.exe|218c406abdb7f5d8\BinProductVersion2.33.0.2 13241300x800000000000000036324Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-column.exe|218c406abdb7f5d8\LinkDate08/24/2021 10:09:53 13241300x800000000000000036323Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-column.exe|218c406abdb7f5d8\Publisherthe git development community 13241300x800000000000000036322Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-column.exe|218c406abdb7f5d8\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-column.exe 13241300x800000000000000036321Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\BinProductVersion2.33.0.2 13241300x800000000000000036320Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\LinkDate08/24/2021 10:09:53 13241300x800000000000000036319Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\Publisherthe git development community 13241300x800000000000000036318Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\LowerCaseLongPathc:\program files\git\git-cmd.exe 13241300x800000000000000036317Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clone.exe|d02aef8e1b723e2e\BinProductVersion2.33.0.2 13241300x800000000000000036316Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clone.exe|d02aef8e1b723e2e\LinkDate08/24/2021 10:09:53 13241300x800000000000000036315Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clone.exe|d02aef8e1b723e2e\Publisherthe git development community 13241300x800000000000000036314Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clone.exe|d02aef8e1b723e2e\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-clone.exe 13241300x800000000000000036313Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clean.exe|d4eb9fccf53085a4\BinProductVersion2.33.0.2 13241300x800000000000000036312Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clean.exe|d4eb9fccf53085a4\LinkDate08/24/2021 10:09:53 13241300x800000000000000036311Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clean.exe|d4eb9fccf53085a4\Publisherthe git development community 13241300x800000000000000036310Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-clean.exe|d4eb9fccf53085a4\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-clean.exe 13241300x800000000000000036309Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry.exe|e775100e4df4ef32\BinProductVersion2.33.0.2 13241300x800000000000000036308Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry.exe|e775100e4df4ef32\LinkDate08/24/2021 10:09:53 13241300x800000000000000036307Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry.exe|e775100e4df4ef32\Publisherthe git development community 13241300x800000000000000036306Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry.exe|e775100e4df4ef32\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-cherry.exe 13241300x800000000000000036305Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry-pick.|997eacdc80577639\BinProductVersion2.33.0.2 13241300x800000000000000036304Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry-pick.|997eacdc80577639\LinkDate08/24/2021 10:09:53 13241300x800000000000000036303Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry-pick.|997eacdc80577639\Publisherthe git development community 13241300x800000000000000036302Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cherry-pick.|997eacdc80577639\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-cherry-pick.exe 13241300x800000000000000036301Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout.exe|76b55428c67a380b\BinProductVersion2.33.0.2 13241300x800000000000000036300Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout.exe|76b55428c67a380b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036299Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout.exe|76b55428c67a380b\Publisherthe git development community 13241300x800000000000000036298Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout.exe|76b55428c67a380b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-checkout.exe 13241300x800000000000000036297Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout-ind|7b051b3e6750a804\BinProductVersion2.33.0.2 13241300x800000000000000036296Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout-ind|7b051b3e6750a804\LinkDate08/24/2021 10:09:53 13241300x800000000000000036295Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout-ind|7b051b3e6750a804\Publisherthe git development community 13241300x800000000000000036294Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout-ind|7b051b3e6750a804\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-checkout-index.exe 13241300x800000000000000036293Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout--wo|5e17ac3afeabc004\BinProductVersion2.33.0.2 13241300x800000000000000036292Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout--wo|5e17ac3afeabc004\LinkDate08/24/2021 10:09:53 13241300x800000000000000036291Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout--wo|5e17ac3afeabc004\Publisherthe git development community 13241300x800000000000000036290Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-checkout--wo|5e17ac3afeabc004\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-checkout--worker.exe 13241300x800000000000000036289Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ref-fo|4c4aae0ebfb00b85\BinProductVersion2.33.0.2 13241300x800000000000000036288Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ref-fo|4c4aae0ebfb00b85\LinkDate08/24/2021 10:09:53 13241300x800000000000000036287Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ref-fo|4c4aae0ebfb00b85\Publisherthe git development community 13241300x800000000000000036286Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ref-fo|4c4aae0ebfb00b85\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-check-ref-format.exe 13241300x800000000000000036285Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-mailma|ed52c712797b00dc\BinProductVersion2.33.0.2 13241300x800000000000000036284Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-mailma|ed52c712797b00dc\LinkDate08/24/2021 10:09:53 13241300x800000000000000036283Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-mailma|ed52c712797b00dc\Publisherthe git development community 13241300x800000000000000036282Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-mailma|ed52c712797b00dc\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-check-mailmap.exe 13241300x800000000000000036281Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ignore|9bc04723247ac2dd\BinProductVersion2.33.0.2 13241300x800000000000000036280Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ignore|9bc04723247ac2dd\LinkDate08/24/2021 10:09:53 13241300x800000000000000036279Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ignore|9bc04723247ac2dd\Publisherthe git development community 13241300x800000000000000036278Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-ignore|9bc04723247ac2dd\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-check-ignore.exe 13241300x800000000000000036277Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-attr.e|57c1145da335bf27\BinProductVersion2.33.0.2 13241300x800000000000000036276Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-attr.e|57c1145da335bf27\LinkDate08/24/2021 10:09:53 13241300x800000000000000036275Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-attr.e|57c1145da335bf27\Publisherthe git development community 13241300x800000000000000036274Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-check-attr.e|57c1145da335bf27\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-check-attr.exe 13241300x800000000000000036273Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cat-file.exe|d0e6669a50eba4df\BinProductVersion2.33.0.2 13241300x800000000000000036272Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cat-file.exe|d0e6669a50eba4df\LinkDate08/24/2021 10:09:53 13241300x800000000000000036271Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cat-file.exe|d0e6669a50eba4df\Publisherthe git development community 13241300x800000000000000036270Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-cat-file.exe|d0e6669a50eba4df\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-cat-file.exe 13241300x800000000000000036269Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bundle.exe|fac576bd3a94d60b\BinProductVersion2.33.0.2 13241300x800000000000000036268Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bundle.exe|fac576bd3a94d60b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036267Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bundle.exe|fac576bd3a94d60b\Publisherthe git development community 13241300x800000000000000036266Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bundle.exe|fac576bd3a94d60b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-bundle.exe 13241300x800000000000000036265Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bugreport.ex|59a0df6a91883120\BinProductVersion2.33.0.2 13241300x800000000000000036264Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bugreport.ex|59a0df6a91883120\LinkDate08/24/2021 10:09:53 13241300x800000000000000036263Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bugreport.ex|59a0df6a91883120\Publisherthe git development community 13241300x800000000000000036262Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bugreport.ex|59a0df6a91883120\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-bugreport.exe 13241300x800000000000000036261Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-branch.exe|60e03a3ca4e1184b\BinProductVersion2.33.0.2 13241300x800000000000000036260Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-branch.exe|60e03a3ca4e1184b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036259Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-branch.exe|60e03a3ca4e1184b\Publisherthe git development community 13241300x800000000000000036258Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-branch.exe|60e03a3ca4e1184b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-branch.exe 13241300x800000000000000036257Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-blame.exe|695e1b21d217f64a\BinProductVersion2.33.0.2 13241300x800000000000000036256Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-blame.exe|695e1b21d217f64a\LinkDate08/24/2021 10:09:53 13241300x800000000000000036255Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-blame.exe|695e1b21d217f64a\Publisherthe git development community 13241300x800000000000000036254Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-blame.exe|695e1b21d217f64a\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-blame.exe 13241300x800000000000000036253Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bisect--help|2b85661c358f83f3\BinProductVersion2.33.0.2 13241300x800000000000000036252Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bisect--help|2b85661c358f83f3\LinkDate08/24/2021 10:09:53 13241300x800000000000000036251Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bisect--help|2b85661c358f83f3\Publisherthe git development community 13241300x800000000000000036250Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bisect--help|2b85661c358f83f3\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-bisect--helper.exe 13241300x800000000000000036249Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\BinProductVersion2.33.0.2 13241300x800000000000000036248Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036247Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\Publisherthe git development community 13241300x800000000000000036246Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\LowerCaseLongPathc:\program files\git\git-bash.exe 13241300x800000000000000036245Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\BinProductVersion(Empty) 13241300x800000000000000036244Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\LinkDate01/01/1970 00:00:00 13241300x800000000000000036243Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\Publisher(Empty) 13241300x800000000000000036242Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\LowerCaseLongPathc:\program files\git\mingw64\bin\git-askyesno.exe 13241300x800000000000000036241Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\BinProductVersion(Empty) 13241300x800000000000000036240Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\LinkDate01/01/1970 00:00:00 13241300x800000000000000036239Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\Publisher(Empty) 13241300x800000000000000036238Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\LowerCaseLongPathc:\program files\git\mingw64\bin\git-askpass.exe 13241300x800000000000000036237Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|ac0f34128b42387d\BinProductVersion1.20.0.0 13241300x800000000000000036236Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|ac0f34128b42387d\LinkDate09/06/2019 12:59:42 13241300x800000000000000036235Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|ac0f34128b42387d\Publishermicrosoft corporation 13241300x800000000000000036234Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-askpass.exe|ac0f34128b42387d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-askpass.exe 13241300x800000000000000036233Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-archive.exe|36a80009064dc962\BinProductVersion2.33.0.2 13241300x800000000000000036232Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-archive.exe|36a80009064dc962\LinkDate08/24/2021 10:09:53 13241300x800000000000000036231Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-archive.exe|36a80009064dc962\Publisherthe git development community 13241300x800000000000000036230Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-archive.exe|36a80009064dc962\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-archive.exe 13241300x800000000000000036229Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-apply.exe|12e49d92e436268f\BinProductVersion2.33.0.2 13241300x800000000000000036228Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-apply.exe|12e49d92e436268f\LinkDate08/24/2021 10:09:53 13241300x800000000000000036227Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-apply.exe|12e49d92e436268f\Publisherthe git development community 13241300x800000000000000036226Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-apply.exe|12e49d92e436268f\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-apply.exe 13241300x800000000000000036225Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-annotate.exe|a44a56d360566d96\BinProductVersion2.33.0.2 13241300x800000000000000036224Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-annotate.exe|a44a56d360566d96\LinkDate08/24/2021 10:09:53 13241300x800000000000000036223Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-annotate.exe|a44a56d360566d96\Publisherthe git development community 13241300x800000000000000036222Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-annotate.exe|a44a56d360566d96\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-annotate.exe 13241300x800000000000000036221Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-am.exe|4f482c30f10b83a7\BinProductVersion2.33.0.2 13241300x800000000000000036220Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-am.exe|4f482c30f10b83a7\LinkDate08/24/2021 10:09:53 13241300x800000000000000036219Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-am.exe|4f482c30f10b83a7\Publisherthe git development community 13241300x800000000000000036218Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-am.exe|4f482c30f10b83a7\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-am.exe 13241300x800000000000000036217Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-add.exe|cbf55eec74d083b3\BinProductVersion2.33.0.2 13241300x800000000000000036216Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-add.exe|cbf55eec74d083b3\LinkDate08/24/2021 10:09:53 13241300x800000000000000036215Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-add.exe|cbf55eec74d083b3\Publisherthe git development community 13241300x800000000000000036214Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-add.exe|cbf55eec74d083b3\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-add.exe 13241300x800000000000000036213Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gio-querymodules|c9cec5f8077b3334\BinProductVersion(Empty) 13241300x800000000000000036212Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gio-querymodules|c9cec5f8077b3334\LinkDate01/01/1970 00:00:00 13241300x800000000000000036211Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gio-querymodules|c9cec5f8077b3334\Publisher(Empty) 13241300x800000000000000036210Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gio-querymodules|c9cec5f8077b3334\LowerCaseLongPathc:\program files\git\usr\bin\gio-querymodules.exe 13241300x800000000000000036209Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\BinProductVersion0.19.8.0 13241300x800000000000000036208Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\LinkDate01/01/1970 04:44:00 13241300x800000000000000036207Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\Publisherfree software foundation 13241300x800000000000000036206Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\LowerCaseLongPathc:\program files\git\usr\bin\gettext.exe 13241300x800000000000000036205Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\BinProductVersion0.19.8.0 13241300x800000000000000036204Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\LinkDate01/01/1970 00:00:00 13241300x800000000000000036203Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\Publisherfree software foundation 13241300x800000000000000036202Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\LowerCaseLongPathc:\program files\git\mingw64\bin\gettext.exe 13241300x800000000000000036201Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\BinProductVersion(Empty) 13241300x800000000000000036200Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\LinkDate03/26/2021 22:24:41 13241300x800000000000000036199Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\Publisher(Empty) 13241300x800000000000000036198Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\LowerCaseLongPathc:\program files\git\usr\libexec\getprocaddr64.exe 13241300x800000000000000036197Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\BinProductVersion(Empty) 13241300x800000000000000036196Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\LinkDate03/26/2021 22:24:41 13241300x800000000000000036195Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\Publisher(Empty) 13241300x800000000000000036194Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\LowerCaseLongPathc:\program files\git\usr\libexec\getprocaddr32.exe 13241300x800000000000000036193Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\BinProductVersion(Empty) 13241300x800000000000000036192Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\LinkDate01/01/1970 00:00:00 13241300x800000000000000036191Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\Publisher(Empty) 13241300x800000000000000036190Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\LowerCaseLongPathc:\program files\git\usr\bin\getopt.exe 13241300x800000000000000036189Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\BinProductVersion(Empty) 13241300x800000000000000036188Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\LinkDate03/26/2021 22:24:39 13241300x800000000000000036187Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\Publisher(Empty) 13241300x800000000000000036186Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\LowerCaseLongPathc:\program files\git\usr\bin\getfacl.exe 13241300x800000000000000036185Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\BinProductVersion(Empty) 13241300x800000000000000036184Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\LinkDate03/26/2021 22:24:39 13241300x800000000000000036183Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\Publisher(Empty) 13241300x800000000000000036182Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\LowerCaseLongPathc:\program files\git\usr\bin\getconf.exe 13241300x800000000000000036181Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\BinProductVersion(Empty) 13241300x800000000000000036180Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\LinkDate03/26/2021 22:24:39 13241300x800000000000000036179Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\Publisher(Empty) 13241300x800000000000000036178Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\LowerCaseLongPathc:\program files\git\usr\bin\gencat.exe 13241300x800000000000000036177Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gdbus.exe|bf2693ac7275e90\BinProductVersion(Empty) 13241300x800000000000000036176Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gdbus.exe|bf2693ac7275e90\LinkDate01/01/1970 00:00:00 13241300x800000000000000036175Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gdbus.exe|bf2693ac7275e90\Publisher(Empty) 13241300x800000000000000036174Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gdbus.exe|bf2693ac7275e90\LowerCaseLongPathc:\program files\git\usr\bin\gdbus.exe 13241300x800000000000000036173Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\BinProductVersion(Empty) 13241300x800000000000000036172Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\LinkDate01/01/1970 00:00:00 13241300x800000000000000036171Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\Publisher(Empty) 13241300x800000000000000036170Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\LowerCaseLongPathc:\program files\git\usr\bin\gawk.exe 13241300x800000000000000036169Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\BinProductVersion(Empty) 13241300x800000000000000036168Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\LinkDate01/01/1970 00:00:00 13241300x800000000000000036167Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\Publisher(Empty) 13241300x800000000000000036166Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\LowerCaseLongPathc:\program files\git\usr\bin\gawk-5.0.0.exe 13241300x800000000000000036165Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gapplication.exe|4ee0a6aaade17793\BinProductVersion(Empty) 13241300x800000000000000036164Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gapplication.exe|4ee0a6aaade17793\LinkDate01/01/1970 00:00:00 13241300x800000000000000036163Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gapplication.exe|4ee0a6aaade17793\Publisher(Empty) 13241300x800000000000000036162Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gapplication.exe|4ee0a6aaade17793\LowerCaseLongPathc:\program files\git\usr\bin\gapplication.exe 13241300x800000000000000036161Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\BinProductVersion(Empty) 13241300x800000000000000036160Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\LinkDate05/08/2031 18:06:26 13241300x800000000000000036159Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\Publisher(Empty) 13241300x800000000000000036158Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\LowerCaseLongPathc:\program files\git\usr\bin\funzip.exe 13241300x800000000000000036157Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\BinProductVersion(Empty) 13241300x800000000000000036156Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\LinkDate01/01/1970 00:00:00 13241300x800000000000000036155Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\Publisher(Empty) 13241300x800000000000000036154Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\LowerCaseLongPathc:\program files\git\usr\libexec\frcode.exe 13241300x800000000000000036153Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\BinProductVersion(Empty) 13241300x800000000000000036152Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\LinkDate01/01/1970 00:00:00 13241300x800000000000000036151Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\Publisher(Empty) 13241300x800000000000000036150Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\LowerCaseLongPathc:\program files\git\usr\bin\fold.exe 13241300x800000000000000036149Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\BinProductVersion(Empty) 13241300x800000000000000036148Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\LinkDate01/01/1970 00:00:00 13241300x800000000000000036147Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\Publisher(Empty) 13241300x800000000000000036146Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\LowerCaseLongPathc:\program files\git\usr\bin\fmt.exe 13241300x800000000000000036145Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\BinProductVersion(Empty) 13241300x800000000000000036144Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\LinkDate01/01/1970 00:00:00 13241300x800000000000000036143Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\Publisher(Empty) 13241300x800000000000000036142Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\LowerCaseLongPathc:\program files\git\usr\bin\find.exe 13241300x800000000000000036141Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\BinProductVersion(Empty) 13241300x800000000000000036140Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\LinkDate01/01/1970 00:00:00 13241300x800000000000000036139Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\Publisher(Empty) 13241300x800000000000000036138Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\LowerCaseLongPathc:\program files\git\usr\bin\file.exe 13241300x800000000000000036137Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-token.exe|a3c5680a4f7259a\BinProductVersion(Empty) 13241300x800000000000000036136Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-token.exe|a3c5680a4f7259a\LinkDate01/01/1970 00:00:00 13241300x800000000000000036135Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-token.exe|a3c5680a4f7259a\Publisher(Empty) 13241300x800000000000000036134Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-token.exe|a3c5680a4f7259a\LowerCaseLongPathc:\program files\git\usr\bin\fido2-token.exe 13241300x800000000000000036133Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-cred.exe|c2222f8371b081a5\BinProductVersion(Empty) 13241300x800000000000000036132Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-cred.exe|c2222f8371b081a5\LinkDate01/01/1970 00:00:00 13241300x800000000000000036131Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-cred.exe|c2222f8371b081a5\Publisher(Empty) 13241300x800000000000000036130Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-cred.exe|c2222f8371b081a5\LowerCaseLongPathc:\program files\git\usr\bin\fido2-cred.exe 13241300x800000000000000036129Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-assert.exe|94d2ea2ef1445ec9\BinProductVersion(Empty) 13241300x800000000000000036128Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-assert.exe|94d2ea2ef1445ec9\LinkDate01/01/1970 00:00:00 13241300x800000000000000036127Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-assert.exe|94d2ea2ef1445ec9\Publisher(Empty) 13241300x800000000000000036126Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\fido2-assert.exe|94d2ea2ef1445ec9\LowerCaseLongPathc:\program files\git\usr\bin\fido2-assert.exe 13241300x800000000000000036125Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\BinProductVersion(Empty) 13241300x800000000000000036124Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\LinkDate01/01/1970 00:00:00 13241300x800000000000000036123Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\Publisher(Empty) 13241300x800000000000000036122Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\LowerCaseLongPathc:\program files\git\usr\bin\false.exe 13241300x800000000000000036121Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\BinProductVersion(Empty) 13241300x800000000000000036120Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\LinkDate01/01/1970 00:00:00 13241300x800000000000000036119Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\Publisher(Empty) 13241300x800000000000000036118Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\LowerCaseLongPathc:\program files\git\usr\bin\factor.exe 13241300x800000000000000036117Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\BinProductVersion(Empty) 13241300x800000000000000036116Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\LinkDate01/01/1970 00:00:00 13241300x800000000000000036115Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\Publisher(Empty) 13241300x800000000000000036114Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\LowerCaseLongPathc:\program files\git\usr\bin\expr.exe 13241300x800000000000000036113Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\BinProductVersion(Empty) 13241300x800000000000000036112Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\LinkDate01/01/1970 00:00:00 13241300x800000000000000036111Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\Publisher(Empty) 13241300x800000000000000036110Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\LowerCaseLongPathc:\program files\git\usr\bin\expand.exe 13241300x800000000000000036109Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\BinProductVersion(Empty) 13241300x800000000000000036108Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\LinkDate01/01/1970 00:00:00 13241300x800000000000000036107Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\Publisher(Empty) 13241300x800000000000000036106Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\LowerCaseLongPathc:\program files\git\usr\bin\ex.exe 13241300x800000000000000036105Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\BinProductVersion0.19.8.0 13241300x800000000000000036104Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\LinkDate01/01/1970 00:00:00 13241300x800000000000000036103Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\Publisherfree software foundation 13241300x800000000000000036102Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\LowerCaseLongPathc:\program files\git\mingw64\bin\envsubst.exe 13241300x800000000000000036101Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\BinProductVersion0.19.8.0 13241300x800000000000000036100Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\LinkDate12/01/2031 01:05:42 13241300x800000000000000036099Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\Publisherfree software foundation 13241300x800000000000000036098Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\LowerCaseLongPathc:\program files\git\usr\bin\envsubst.exe 13241300x800000000000000036097Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\BinProductVersion(Empty) 13241300x800000000000000036096Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\LinkDate01/01/1970 00:00:00 13241300x800000000000000036095Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\Publisher(Empty) 13241300x800000000000000036094Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\LowerCaseLongPathc:\program files\git\usr\bin\env.exe 13241300x800000000000000036093Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\BinProductVersion(Empty) 13241300x800000000000000036092Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\LinkDate01/01/1970 00:00:00 13241300x800000000000000036091Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\Publisher(Empty) 13241300x800000000000000036090Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\LowerCaseLongPathc:\program files\git\mingw64\bin\edit_test_dll.exe 13241300x800000000000000036089Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\BinProductVersion(Empty) 13241300x800000000000000036088Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\LinkDate01/01/1970 00:00:00 13241300x800000000000000036087Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\Publisher(Empty) 13241300x800000000000000036086Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:14.261{7BD73061-65B2-613B-1300-00000000F001}92C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000036085Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\LowerCaseLongPathc:\program files\git\mingw64\bin\edit_test.exe 13241300x800000000000000036084Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:14.261{7BD73061-65B2-613B-1300-00000000F001}92C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000036083Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:14.261{7BD73061-65B2-613B-1300-00000000F001}92C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 13241300x800000000000000036082Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:14.261{7BD73061-65B2-613B-1300-00000000F001}92C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d7a652-0x0b95d341) 13241300x800000000000000036081Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\BinProductVersion(Empty) 13241300x800000000000000036080Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036079Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:14.261{7BD73061-65B2-613B-1300-00000000F001}92C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000036078Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:14.261{7BD73061-65B2-613B-1300-00000000F001}92C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 13241300x800000000000000036077Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\Publisher(Empty) 13241300x800000000000000036076Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\LowerCaseLongPathc:\program files\git\mingw64\share\git\edit-git-bash.exe 13241300x800000000000000036075Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\echo.exe|263446599120623a\BinProductVersion(Empty) 13241300x800000000000000036074Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\echo.exe|263446599120623a\LinkDate01/01/1970 00:00:00 13241300x800000000000000036073Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\echo.exe|263446599120623a\Publisher(Empty) 13241300x800000000000000036072Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\echo.exe|263446599120623a\LowerCaseLongPathc:\program files\git\usr\bin\echo.exe 13241300x800000000000000036071Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\BinProductVersion(Empty) 13241300x800000000000000036070Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\LinkDate01/01/1970 00:00:00 13241300x800000000000000036069Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\Publisher(Empty) 13241300x800000000000000036068Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\LowerCaseLongPathc:\program files\git\usr\bin\dumpsexp.exe 13241300x800000000000000036067Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\BinProductVersion(Empty) 13241300x800000000000000036066Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\LinkDate01/01/1970 00:00:00 13241300x800000000000000036065Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\Publisher(Empty) 13241300x800000000000000036064Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\LowerCaseLongPathc:\program files\git\usr\bin\du.exe 13241300x800000000000000036063Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\BinProductVersion(Empty) 13241300x800000000000000036062Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\LinkDate01/01/1970 00:00:00 13241300x800000000000000036061Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\Publisher(Empty) 13241300x800000000000000036060Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\LowerCaseLongPathc:\program files\git\usr\bin\dos2unix.exe 13241300x800000000000000036059Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\BinProductVersion(Empty) 13241300x800000000000000036058Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\LinkDate01/01/1970 00:00:00 13241300x800000000000000036057Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\Publisher(Empty) 13241300x800000000000000036056Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\LowerCaseLongPathc:\program files\git\usr\bin\dirname.exe 13241300x800000000000000036055Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\BinProductVersion(Empty) 13241300x800000000000000036054Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\LinkDate01/01/1970 00:00:00 13241300x800000000000000036053Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\Publisher(Empty) 13241300x800000000000000036052Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\LowerCaseLongPathc:\program files\git\usr\bin\dirmngr.exe 13241300x800000000000000036051Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\BinProductVersion(Empty) 13241300x800000000000000036050Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\LinkDate01/01/1970 00:00:00 13241300x800000000000000036049Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\Publisher(Empty) 13241300x800000000000000036048Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\LowerCaseLongPathc:\program files\git\usr\bin\dirmngr-client.exe 13241300x800000000000000036047Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\BinProductVersion(Empty) 13241300x800000000000000036046Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\LinkDate01/01/1970 00:00:00 13241300x800000000000000036045Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\Publisher(Empty) 13241300x800000000000000036044Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\LowerCaseLongPathc:\program files\git\usr\bin\dircolors.exe 13241300x800000000000000036043Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\BinProductVersion(Empty) 13241300x800000000000000036042Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\LinkDate01/01/1970 00:00:00 13241300x800000000000000036041Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\Publisher(Empty) 13241300x800000000000000036040Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\LowerCaseLongPathc:\program files\git\usr\bin\dir.exe 13241300x800000000000000036039Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\BinProductVersion(Empty) 13241300x800000000000000036038Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\LinkDate01/01/1970 00:00:00 13241300x800000000000000036037Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\Publisher(Empty) 13241300x800000000000000036036Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\LowerCaseLongPathc:\program files\git\usr\bin\diff3.exe 13241300x800000000000000036035Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\BinProductVersion(Empty) 13241300x800000000000000036034Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\LinkDate01/01/1970 00:00:00 13241300x800000000000000036033Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\Publisher(Empty) 13241300x800000000000000036032Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\LowerCaseLongPathc:\program files\git\usr\bin\diff.exe 13241300x800000000000000036031Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\BinProductVersion(Empty) 13241300x800000000000000036030Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\LinkDate01/01/1970 00:00:00 13241300x800000000000000036029Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\Publisher(Empty) 13241300x800000000000000036028Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.261{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\LowerCaseLongPathc:\program files\git\usr\bin\df.exe 13241300x800000000000000036027Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\BinProductVersion(Empty) 13241300x800000000000000036026Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\LinkDate01/01/1970 00:00:00 13241300x800000000000000036025Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\Publisher(Empty) 13241300x800000000000000036024Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\LowerCaseLongPathc:\program files\git\usr\bin\dd.exe 13241300x800000000000000036023Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\BinProductVersion(Empty) 13241300x800000000000000036022Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\LinkDate01/01/1970 00:00:00 13241300x800000000000000036021Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\Publisher(Empty) 13241300x800000000000000036020Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\LowerCaseLongPathc:\program files\git\usr\bin\date.exe 13241300x800000000000000036019Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\BinProductVersion(Empty) 13241300x800000000000000036018Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\LinkDate01/01/1970 00:00:00 13241300x800000000000000036017Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\Publisher(Empty) 13241300x800000000000000036016Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\LowerCaseLongPathc:\program files\git\usr\bin\dash.exe 13241300x800000000000000036015Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\BinProductVersion(Empty) 13241300x800000000000000036014Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\LinkDate01/01/1970 00:00:00 13241300x800000000000000036013Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\Publisher(Empty) 13241300x800000000000000036012Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\LowerCaseLongPathc:\program files\git\usr\bin\d2u.exe 13241300x800000000000000036011Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\BinProductVersion(Empty) 13241300x800000000000000036010Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\LinkDate03/26/2021 22:24:41 13241300x800000000000000036009Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\Publisher(Empty) 13241300x800000000000000036008Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\LowerCaseLongPathc:\program files\git\usr\bin\cygwin-console-helper.exe 13241300x800000000000000036007Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\BinProductVersion(Empty) 13241300x800000000000000036006Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\LinkDate03/26/2021 22:24:39 13241300x800000000000000036005Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\Publisher(Empty) 13241300x800000000000000036004Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\LowerCaseLongPathc:\program files\git\usr\bin\cygpath.exe 13241300x800000000000000036003Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\BinProductVersion(Empty) 13241300x800000000000000036002Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\LinkDate03/26/2021 22:24:41 13241300x800000000000000036001Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\Publisher(Empty) 13241300x800000000000000036000Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\LowerCaseLongPathc:\program files\git\usr\bin\cygcheck.exe 13241300x800000000000000035999Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\BinProductVersion(Empty) 13241300x800000000000000035998Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\LinkDate01/01/1970 00:00:00 13241300x800000000000000035997Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\Publisher(Empty) 13241300x800000000000000035996Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\LowerCaseLongPathc:\program files\git\usr\bin\cut.exe 13241300x800000000000000035995Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\BinProductVersion(Empty) 13241300x800000000000000035994Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\LinkDate08/18/2021 09:19:51 13241300x800000000000000035993Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\Publisher(Empty) 13241300x800000000000000035992Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\LowerCaseLongPathc:\program files\git\mingw64\bin\curl.exe 13241300x800000000000000035991Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\BinProductVersion(Empty) 13241300x800000000000000035990Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\LinkDate01/01/1970 00:00:00 13241300x800000000000000035989Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\Publisher(Empty) 13241300x800000000000000035988Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\LowerCaseLongPathc:\program files\git\usr\bin\csplit.exe 13241300x800000000000000035987Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\BinProductVersion(Empty) 13241300x800000000000000035986Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\LinkDate01/01/1970 00:00:00 13241300x800000000000000035985Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\Publisher(Empty) 13241300x800000000000000035984Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\LowerCaseLongPathc:\program files\git\mingw64\bin\create-shortcut.exe 13241300x800000000000000035983Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\BinProductVersion(Empty) 13241300x800000000000000035982Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\LinkDate01/01/1970 00:00:00 13241300x800000000000000035981Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\Publisher(Empty) 13241300x800000000000000035980Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\LowerCaseLongPathc:\program files\git\usr\bin\cp.exe 13241300x800000000000000035979Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\BinProductVersion(Empty) 13241300x800000000000000035978Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\LinkDate01/01/1970 00:00:00 13241300x800000000000000035977Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\Publisher(Empty) 13241300x800000000000000035976Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\LowerCaseLongPathc:\program files\git\mingw64\bin\connect.exe 13241300x800000000000000035975Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\BinProductVersion2.33.0.2 13241300x800000000000000035974Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\LinkDate08/24/2021 10:09:53 13241300x800000000000000035973Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\Publisherthe git development community 13241300x800000000000000035972Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\LowerCaseLongPathc:\program files\git\mingw64\share\git\compat-bash.exe 13241300x800000000000000035971Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\BinProductVersion(Empty) 13241300x800000000000000035970Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\LinkDate01/01/1970 00:00:00 13241300x800000000000000035969Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\Publisher(Empty) 13241300x800000000000000035968Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\LowerCaseLongPathc:\program files\git\usr\bin\comm.exe 13241300x800000000000000035967Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\BinProductVersion(Empty) 13241300x800000000000000035966Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\LinkDate01/01/1970 00:00:00 13241300x800000000000000035965Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\Publisher(Empty) 13241300x800000000000000035964Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\LowerCaseLongPathc:\program files\git\usr\bin\column.exe 13241300x800000000000000035963Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\BinProductVersion(Empty) 13241300x800000000000000035962Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\LinkDate01/01/1970 00:00:00 13241300x800000000000000035961Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\Publisher(Empty) 13241300x800000000000000035960Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\LowerCaseLongPathc:\program files\git\usr\bin\cmp.exe 13241300x800000000000000035959Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\BinProductVersion(Empty) 13241300x800000000000000035958Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\LinkDate01/01/1970 00:00:00 13241300x800000000000000035957Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\Publisher(Empty) 13241300x800000000000000035956Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\LowerCaseLongPathc:\program files\git\usr\bin\clear.exe 13241300x800000000000000035955Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\BinProductVersion(Empty) 13241300x800000000000000035954Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\LinkDate10/26/1974 18:18:40 13241300x800000000000000035953Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\Publisher(Empty) 13241300x800000000000000035952Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\LowerCaseLongPathc:\program files\git\usr\lib\gettext\cldr-plurals.exe 13241300x800000000000000035951Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\BinProductVersion(Empty) 13241300x800000000000000035950Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\LinkDate01/01/1970 00:00:00 13241300x800000000000000035949Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\Publisher(Empty) 13241300x800000000000000035948Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\LowerCaseLongPathc:\program files\git\usr\bin\cksum.exe 13241300x800000000000000035947Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\BinProductVersion(Empty) 13241300x800000000000000035946Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\LinkDate01/01/1970 00:00:00 13241300x800000000000000035945Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\Publisher(Empty) 13241300x800000000000000035944Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\LowerCaseLongPathc:\program files\git\usr\bin\chroot.exe 13241300x800000000000000035943Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\BinProductVersion(Empty) 13241300x800000000000000035942Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\LinkDate01/01/1970 00:00:00 13241300x800000000000000035941Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\Publisher(Empty) 13241300x800000000000000035940Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\LowerCaseLongPathc:\program files\git\usr\bin\chown.exe 13241300x800000000000000035939Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\BinProductVersion(Empty) 13241300x800000000000000035938Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\LinkDate01/01/1970 00:00:00 13241300x800000000000000035937Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\Publisher(Empty) 13241300x800000000000000035936Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\LowerCaseLongPathc:\program files\git\usr\bin\chmod.exe 13241300x800000000000000035935Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\BinProductVersion(Empty) 13241300x800000000000000035934Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\LinkDate01/01/1970 00:00:00 13241300x800000000000000035933Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\Publisher(Empty) 13241300x800000000000000035932Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\LowerCaseLongPathc:\program files\git\usr\bin\chgrp.exe 13241300x800000000000000035931Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\BinProductVersion(Empty) 13241300x800000000000000035930Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\LinkDate01/01/1970 00:00:00 13241300x800000000000000035929Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\Publisher(Empty) 13241300x800000000000000035928Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\LowerCaseLongPathc:\program files\git\usr\bin\chcon.exe 13241300x800000000000000035927Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\BinProductVersion(Empty) 13241300x800000000000000035926Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\LinkDate03/26/2021 22:24:39 13241300x800000000000000035925Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\Publisher(Empty) 13241300x800000000000000035924Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\LowerCaseLongPathc:\program files\git\usr\bin\chattr.exe 13241300x800000000000000035923Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\BinProductVersion(Empty) 13241300x800000000000000035922Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\LinkDate01/01/1970 00:00:00 13241300x800000000000000035921Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\Publisher(Empty) 13241300x800000000000000035920Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\LowerCaseLongPathc:\program files\git\usr\bin\cat.exe 13241300x800000000000000035919Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\BinProductVersion(Empty) 13241300x800000000000000035918Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\LinkDate01/01/1970 00:00:00 13241300x800000000000000035917Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\Publisher(Empty) 23542300x800000000000000013426Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:14.100{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=738D39FB07FD51EE665A02035597DF84,SHA256=BAFFC126FC4B76CC6D6238E4BCCDA3C2F6785DD64149E631E8ABD82AB33D11BF,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000035916Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\LowerCaseLongPathc:\program files\git\usr\bin\captoinfo.exe 13241300x800000000000000035915Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\BinProductVersion(Empty) 13241300x800000000000000035914Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\LinkDate01/01/1970 00:00:00 13241300x800000000000000035913Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\Publisher(Empty) 13241300x800000000000000035912Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\LowerCaseLongPathc:\program files\git\mingw64\bin\bzip2recover.exe 13241300x800000000000000035911Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\BinProductVersion(Empty) 13241300x800000000000000035910Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\LinkDate01/01/1970 00:00:00 13241300x800000000000000035909Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\Publisher(Empty) 13241300x800000000000000035908Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\LowerCaseLongPathc:\program files\git\usr\bin\bzip2recover.exe 13241300x800000000000000035907Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\BinProductVersion(Empty) 13241300x800000000000000035906Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\LinkDate01/01/1970 00:00:00 13241300x800000000000000035905Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\Publisher(Empty) 13241300x800000000000000035904Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\LowerCaseLongPathc:\program files\git\mingw64\bin\bzip2.exe 13241300x800000000000000035903Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\BinProductVersion(Empty) 13241300x800000000000000035902Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\LinkDate01/01/1970 00:00:00 13241300x800000000000000035901Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\Publisher(Empty) 13241300x800000000000000035900Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\LowerCaseLongPathc:\program files\git\usr\bin\bzip2.exe 13241300x800000000000000035899Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\BinProductVersion(Empty) 13241300x800000000000000035898Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\LinkDate01/01/1970 00:00:00 13241300x800000000000000035897Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\Publisher(Empty) 13241300x800000000000000035896Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\LowerCaseLongPathc:\program files\git\usr\bin\bzcat.exe 13241300x800000000000000035895Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\BinProductVersion(Empty) 13241300x800000000000000035894Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\LinkDate01/01/1970 00:00:00 13241300x800000000000000035893Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\Publisher(Empty) 13241300x800000000000000035892Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\LowerCaseLongPathc:\program files\git\mingw64\bin\bzcat.exe 13241300x800000000000000035891Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\BinProductVersion(Empty) 13241300x800000000000000035890Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\LinkDate01/01/1970 00:00:00 13241300x800000000000000035889Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\Publisher(Empty) 13241300x800000000000000035888Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\LowerCaseLongPathc:\program files\git\mingw64\bin\bunzip2.exe 13241300x800000000000000035887Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\BinProductVersion(Empty) 13241300x800000000000000035886Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\LinkDate01/01/1970 00:00:00 13241300x800000000000000035885Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\Publisher(Empty) 13241300x800000000000000035884Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\LowerCaseLongPathc:\program files\git\usr\bin\bunzip2.exe 13241300x800000000000000035883Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\BinProductVersion(Empty) 13241300x800000000000000035882Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\LinkDate01/01/1970 00:00:00 13241300x800000000000000035881Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\Publisher(Empty) 13241300x800000000000000035880Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\LowerCaseLongPathc:\program files\git\mingw64\bin\brotli.exe 13241300x800000000000000035879Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\BinProductVersion(Empty) 13241300x800000000000000035878Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\LinkDate01/01/1970 00:00:00 13241300x800000000000000035877Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\Publisher(Empty) 13241300x800000000000000035876Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\LowerCaseLongPathc:\program files\git\mingw64\bin\blocked-file-util.exe 13241300x800000000000000035875Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\BinProductVersion2.33.0.2 13241300x800000000000000035874Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\LinkDate08/24/2021 10:09:53 13241300x800000000000000035873Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\Publisherthe git development community 13241300x800000000000000035872Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\LowerCaseLongPathc:\program files\git\bin\bash.exe 13241300x800000000000000035871Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\BinProductVersion(Empty) 13241300x800000000000000035870Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\LinkDate12/04/2018 10:21:15 13241300x800000000000000035869Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\Publisher(Empty) 13241300x800000000000000035868Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\LowerCaseLongPathc:\program files\git\usr\bin\bash.exe 13241300x800000000000000035867Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\BinProductVersion(Empty) 13241300x800000000000000035866Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\LinkDate01/01/1970 00:00:00 13241300x800000000000000035865Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\Publisher(Empty) 13241300x800000000000000035864Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\LowerCaseLongPathc:\program files\git\usr\bin\basenc.exe 13241300x800000000000000035863Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\BinProductVersion(Empty) 13241300x800000000000000035862Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\LinkDate01/01/1970 00:00:00 13241300x800000000000000035861Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\Publisher(Empty) 13241300x800000000000000035860Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\LowerCaseLongPathc:\program files\git\usr\bin\basename.exe 13241300x800000000000000035859Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\BinProductVersion(Empty) 13241300x800000000000000035858Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\LinkDate01/01/1970 00:00:00 13241300x800000000000000035857Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\Publisher(Empty) 13241300x800000000000000035856Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\LowerCaseLongPathc:\program files\git\usr\bin\base64.exe 13241300x800000000000000035855Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\BinProductVersion(Empty) 13241300x800000000000000035854Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\LinkDate01/01/1970 00:00:00 13241300x800000000000000035853Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\Publisher(Empty) 13241300x800000000000000035852Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\LowerCaseLongPathc:\program files\git\usr\bin\base32.exe 13241300x800000000000000035851Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\BinProductVersion(Empty) 13241300x800000000000000035850Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\LinkDate01/01/1970 00:00:00 13241300x800000000000000035849Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.246{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\Publisher(Empty) 13241300x800000000000000035848Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\LowerCaseLongPathc:\program files\git\usr\bin\b2sum.exe 13241300x800000000000000035847Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\BinProductVersion(Empty) 13241300x800000000000000035846Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\LinkDate01/01/1970 00:00:00 13241300x800000000000000035845Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\Publisher(Empty) 13241300x800000000000000035844Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\LowerCaseLongPathc:\program files\git\usr\bin\awk.exe 13241300x800000000000000035843Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\atlassian.bitbuc|c03cc9e8c801d513\BinProductVersion2.0.498.0 13241300x800000000000000035842Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\atlassian.bitbuc|c03cc9e8c801d513\LinkDate01/15/2077 00:12:40 13241300x800000000000000035841Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\atlassian.bitbuc|c03cc9e8c801d513\Publisheratlassian.bitbucket.ui 13241300x800000000000000035840Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\atlassian.bitbuc|c03cc9e8c801d513\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\atlassian.bitbucket.ui.exe 13241300x800000000000000035839Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\BinProductVersion(Empty) 13241300x800000000000000035838Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\LinkDate01/01/1970 00:00:00 13241300x800000000000000035837Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\Publisher(Empty) 13241300x800000000000000035836Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\LowerCaseLongPathc:\program files\git\usr\bin\arch.exe 13241300x800000000000000035835Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\BinProductVersion(Empty) 13241300x800000000000000035834Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\LinkDate01/01/1970 00:00:00 13241300x800000000000000035833Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\Publisher(Empty) 13241300x800000000000000035832Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\LowerCaseLongPathc:\program files\git\mingw64\bin\antiword.exe 13241300x800000000000000035831Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\BinProductVersion(Empty) 13241300x800000000000000035830Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\LinkDate01/01/1970 00:00:00 13241300x800000000000000035829Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\Publisher(Empty) 13241300x800000000000000035828Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\LowerCaseLongPathc:\program files\git\mingw64\bin\ahost.exe 13241300x800000000000000035827Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\BinProductVersion(Empty) 13241300x800000000000000035826Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\LinkDate01/01/1970 00:00:00 13241300x800000000000000035825Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\Publisher(Empty) 13241300x800000000000000035824Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\LowerCaseLongPathc:\program files\git\mingw64\bin\adig.exe 13241300x800000000000000035823Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\BinProductVersion(Empty) 13241300x800000000000000035822Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\LinkDate01/01/1970 00:00:00 13241300x800000000000000035821Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\Publisher(Empty) 13241300x800000000000000035820Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\LowerCaseLongPathc:\program files\git\mingw64\bin\acountry.exe 13241300x800000000000000035819Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\BinProductVersion(Empty) 13241300x800000000000000035818Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\LinkDate01/01/1970 00:00:00 13241300x800000000000000035817Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\Publisher(Empty) 13241300x800000000000000035816Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\LowerCaseLongPathc:\program files\git\usr\bin\[.exe 13241300x800000000000000035815Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.230{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000cf6bcbd173601d5a06d08c5c197a52c40000ffff\PublisherThe Git Development Community 13241300x800000000000000037280Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\Publisher(Empty) 13241300x800000000000000037279Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\LowerCaseLongPathc:\program files\git\usr\bin\pathchk.exe 13241300x800000000000000037278Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\BinProductVersion(Empty) 13241300x800000000000000037277Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037276Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\Publisher(Empty) 13241300x800000000000000037275Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\LowerCaseLongPathc:\program files\git\usr\bin\patch.exe 13241300x800000000000000037274Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\BinProductVersion(Empty) 13241300x800000000000000037273Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\LinkDate01/01/1970 00:00:00 13241300x800000000000000037272Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\Publisher(Empty) 13241300x800000000000000037271Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\LowerCaseLongPathc:\program files\git\usr\bin\paste.exe 13241300x800000000000000037270Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\BinProductVersion(Empty) 13241300x800000000000000037269Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\LinkDate03/26/2021 22:24:40 13241300x800000000000000037268Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\Publisher(Empty) 13241300x800000000000000037267Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\LowerCaseLongPathc:\program files\git\usr\bin\passwd.exe 13241300x800000000000000037266Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\BinProductVersion(Empty) 13241300x800000000000000037265Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037264Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\Publisher(Empty) 13241300x800000000000000037263Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\LowerCaseLongPathc:\program files\git\usr\bin\p11-kit.exe 13241300x800000000000000037262Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\BinProductVersion(Empty) 13241300x800000000000000037261Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\LinkDate01/01/1970 00:00:00 13241300x800000000000000037260Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\Publisher(Empty) 13241300x800000000000000037259Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\LowerCaseLongPathc:\program files\git\usr\libexec\p11-kit\p11-kit-server.exe 13241300x800000000000000037258Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\BinProductVersion(Empty) 13241300x800000000000000037257Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\LinkDate01/01/1970 00:00:00 13241300x800000000000000037256Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\Publisher(Empty) 13241300x800000000000000037255Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\LowerCaseLongPathc:\program files\git\usr\libexec\p11-kit\p11-kit-remote.exe 13241300x800000000000000037254Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\BinProductVersion1.1.1.11 13241300x800000000000000037253Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\LinkDate03/25/2021 15:20:47 13241300x800000000000000037252Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\Publisherthe openssl project, https://www.openssl.org/ 13241300x800000000000000037251Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\LowerCaseLongPathc:\program files\git\mingw64\bin\openssl.exe 13241300x800000000000000037250Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\BinProductVersion1.1.1.11 13241300x800000000000000037249Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\LinkDate01/01/1970 00:00:00 13241300x800000000000000037248Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\Publisherthe openssl project, https://www.openssl.org/ 13241300x800000000000000037247Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\LowerCaseLongPathc:\program files\git\usr\bin\openssl.exe 13241300x800000000000000037246Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\BinProductVersion(Empty) 13241300x800000000000000037245Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037244Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\Publisher(Empty) 13241300x800000000000000037243Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\LowerCaseLongPathc:\program files\git\mingw64\bin\odt2txt.exe 13241300x800000000000000037242Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\BinProductVersion(Empty) 13241300x800000000000000037241Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037240Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\Publisher(Empty) 13241300x800000000000000037239Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\LowerCaseLongPathc:\program files\git\usr\bin\od.exe 13241300x800000000000000037238Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\BinProductVersion(Empty) 13241300x800000000000000037237Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\LinkDate01/01/1970 00:00:00 13241300x800000000000000037236Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\Publisher(Empty) 13241300x800000000000000037235Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\LowerCaseLongPathc:\program files\git\usr\bin\numfmt.exe 13241300x800000000000000037234Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\BinProductVersion(Empty) 13241300x800000000000000037233Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\LinkDate01/01/1970 00:00:00 13241300x800000000000000037232Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\Publisher(Empty) 13241300x800000000000000037231Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\LowerCaseLongPathc:\program files\git\usr\bin\nproc.exe 13241300x800000000000000037230Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\BinProductVersion(Empty) 13241300x800000000000000037229Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037228Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\Publisher(Empty) 13241300x800000000000000037227Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\LowerCaseLongPathc:\program files\git\usr\bin\nohup.exe 13241300x800000000000000037226Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\BinProductVersion(Empty) 13241300x800000000000000037225Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\LinkDate01/01/1970 00:00:00 13241300x800000000000000037224Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\Publisher(Empty) 13241300x800000000000000037223Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\LowerCaseLongPathc:\program files\git\usr\bin\nl.exe 13241300x800000000000000037222Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\BinProductVersion(Empty) 13241300x800000000000000037221Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037220Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\Publisher(Empty) 13241300x800000000000000037219Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\LowerCaseLongPathc:\program files\git\usr\bin\nice.exe 13241300x800000000000000037218Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\BinProductVersion0.19.8.0 13241300x800000000000000037217Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\LinkDate01/01/1970 00:00:02 13241300x800000000000000037216Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\Publisherfree software foundation 13241300x800000000000000037215Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\LowerCaseLongPathc:\program files\git\usr\bin\ngettext.exe 13241300x800000000000000037214Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\BinProductVersion(Empty) 13241300x800000000000000037213Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\LinkDate01/01/1970 00:00:00 13241300x800000000000000037212Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\Publisher(Empty) 13241300x800000000000000037211Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\LowerCaseLongPathc:\program files\git\usr\bin\nettle-pbkdf2.exe 13241300x800000000000000037210Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\BinProductVersion(Empty) 13241300x800000000000000037209Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\LinkDate01/01/1970 00:00:00 13241300x800000000000000037208Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\Publisher(Empty) 13241300x800000000000000037207Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\LowerCaseLongPathc:\program files\git\usr\bin\nettle-lfib-stream.exe 13241300x800000000000000037206Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\BinProductVersion(Empty) 13241300x800000000000000037205Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\LinkDate01/01/1970 00:00:00 13241300x800000000000000037204Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\Publisher(Empty) 13241300x800000000000000037203Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\LowerCaseLongPathc:\program files\git\usr\bin\nettle-hash.exe 13241300x800000000000000037202Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\BinProductVersion(Empty) 13241300x800000000000000037201Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\LinkDate01/01/1970 00:00:00 13241300x800000000000000037200Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\Publisher(Empty) 13241300x800000000000000037199Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\LowerCaseLongPathc:\program files\git\usr\bin\nano.exe 13241300x800000000000000037198Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\BinProductVersion(Empty) 13241300x800000000000000037197Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037196Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\Publisher(Empty) 13241300x800000000000000037195Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\LowerCaseLongPathc:\program files\git\usr\bin\mv.exe 13241300x800000000000000037194Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\BinProductVersion(Empty) 13241300x800000000000000037193Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\LinkDate01/01/1970 00:00:01 13241300x800000000000000037192Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\Publisher(Empty) 13241300x800000000000000037191Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\LowerCaseLongPathc:\program files\git\usr\bin\msguniq.exe 13241300x800000000000000037190Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\BinProductVersion(Empty) 13241300x800000000000000037189Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\LinkDate06/19/2025 15:30:53 13241300x800000000000000037188Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\Publisher(Empty) 13241300x800000000000000037187Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\LowerCaseLongPathc:\program files\git\usr\bin\msgunfmt.exe 13241300x800000000000000037186Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\BinProductVersion(Empty) 13241300x800000000000000037185Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\LinkDate06/19/2025 15:30:53 13241300x800000000000000037184Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\Publisher(Empty) 13241300x800000000000000037183Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\LowerCaseLongPathc:\program files\git\usr\bin\msgmerge.exe 13241300x800000000000000037182Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\BinProductVersion(Empty) 13241300x800000000000000037181Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\LinkDate01/18/2021 06:51:50 13241300x800000000000000037180Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\Publisher(Empty) 13241300x800000000000000037179Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\LowerCaseLongPathc:\program files\git\usr\bin\msginit.exe 13241300x800000000000000037178Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\BinProductVersion(Empty) 13241300x800000000000000037177Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\LinkDate01/01/1970 00:00:00 13241300x800000000000000037176Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\Publisher(Empty) 13241300x800000000000000037175Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\LowerCaseLongPathc:\program files\git\usr\bin\msggrep.exe 13241300x800000000000000037174Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\BinProductVersion(Empty) 13241300x800000000000000037173Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\LinkDate06/19/2025 15:30:53 13241300x800000000000000037172Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\Publisher(Empty) 13241300x800000000000000037171Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\LowerCaseLongPathc:\program files\git\usr\bin\msgfmt.exe 13241300x800000000000000037170Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\BinProductVersion(Empty) 13241300x800000000000000037169Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\LinkDate01/01/1970 00:00:00 13241300x800000000000000037168Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\Publisher(Empty) 13241300x800000000000000037167Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\LowerCaseLongPathc:\program files\git\usr\bin\msgfilter.exe 13241300x800000000000000037166Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\BinProductVersion(Empty) 13241300x800000000000000037165Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\LinkDate01/01/1970 00:00:01 13241300x800000000000000037164Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\Publisher(Empty) 13241300x800000000000000037163Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\LowerCaseLongPathc:\program files\git\usr\bin\msgexec.exe 13241300x800000000000000037162Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\BinProductVersion(Empty) 13241300x800000000000000037161Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\LinkDate06/19/2025 15:30:53 13241300x800000000000000037160Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\Publisher(Empty) 13241300x800000000000000037159Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\LowerCaseLongPathc:\program files\git\usr\bin\msgen.exe 13241300x800000000000000037158Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\BinProductVersion(Empty) 13241300x800000000000000037157Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\LinkDate06/19/2025 15:30:53 13241300x800000000000000037156Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\Publisher(Empty) 13241300x800000000000000037155Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\LowerCaseLongPathc:\program files\git\usr\bin\msgconv.exe 13241300x800000000000000037154Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\BinProductVersion(Empty) 13241300x800000000000000037153Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\LinkDate06/19/2025 15:30:53 13241300x800000000000000037152Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\Publisher(Empty) 13241300x800000000000000037151Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\LowerCaseLongPathc:\program files\git\usr\bin\msgcomm.exe 13241300x800000000000000037150Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\BinProductVersion(Empty) 13241300x800000000000000037149Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\LinkDate05/08/2031 18:06:26 13241300x800000000000000037148Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\Publisher(Empty) 13241300x800000000000000037147Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\LowerCaseLongPathc:\program files\git\usr\bin\msgcmp.exe 13241300x800000000000000037146Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\BinProductVersion(Empty) 13241300x800000000000000037145Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\LinkDate01/01/1970 00:00:01 13241300x800000000000000037144Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\Publisher(Empty) 13241300x800000000000000037143Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\LowerCaseLongPathc:\program files\git\usr\bin\msgcat.exe 13241300x800000000000000037142Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\BinProductVersion(Empty) 13241300x800000000000000037141Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\LinkDate01/01/1970 00:00:01 13241300x800000000000000037140Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\Publisher(Empty) 13241300x800000000000000037139Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\LowerCaseLongPathc:\program files\git\usr\bin\msgattrib.exe 13241300x800000000000000037138Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\BinProductVersion(Empty) 13241300x800000000000000037137Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\LinkDate01/01/1970 00:00:00 13241300x800000000000000037136Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\Publisher(Empty) 13241300x800000000000000037135Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\LowerCaseLongPathc:\program files\git\usr\bin\mpicalc.exe 13241300x800000000000000037134Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\BinProductVersion(Empty) 13241300x800000000000000037133Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\LinkDate03/26/2021 22:24:40 13241300x800000000000000037132Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\Publisher(Empty) 13241300x800000000000000037131Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\LowerCaseLongPathc:\program files\git\usr\bin\mount.exe 13241300x800000000000000037130Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\BinProductVersion(Empty) 13241300x800000000000000037129Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\LinkDate01/01/1970 00:00:00 13241300x800000000000000037128Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\Publisher(Empty) 13241300x800000000000000037127Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\LowerCaseLongPathc:\program files\git\usr\bin\mktemp.exe 13241300x800000000000000037126Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\BinProductVersion(Empty) 13241300x800000000000000037125Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\LinkDate03/26/2021 22:24:40 13241300x800000000000000037124Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\Publisher(Empty) 13241300x800000000000000037123Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\LowerCaseLongPathc:\program files\git\usr\bin\mkpasswd.exe 13241300x800000000000000037122Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\BinProductVersion(Empty) 13241300x800000000000000037121Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\LinkDate01/01/1970 00:00:00 13241300x800000000000000037120Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\Publisher(Empty) 13241300x800000000000000037119Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\LowerCaseLongPathc:\program files\git\usr\bin\mknod.exe 13241300x800000000000000037118Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\BinProductVersion(Empty) 13241300x800000000000000037117Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\LinkDate03/26/2021 22:24:40 13241300x800000000000000037116Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\Publisher(Empty) 13241300x800000000000000037115Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\LowerCaseLongPathc:\program files\git\usr\bin\mkgroup.exe 13241300x800000000000000037114Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\BinProductVersion(Empty) 13241300x800000000000000037113Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\LinkDate01/01/1970 00:00:00 13241300x800000000000000037112Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\Publisher(Empty) 13241300x800000000000000037111Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\LowerCaseLongPathc:\program files\git\usr\bin\mkfifo.exe 13241300x800000000000000037110Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\BinProductVersion(Empty) 13241300x800000000000000037109Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\LinkDate01/01/1970 00:00:00 13241300x800000000000000037108Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\Publisher(Empty) 13241300x800000000000000037107Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\LowerCaseLongPathc:\program files\git\usr\bin\mkdir.exe 13241300x800000000000000037106Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\BinProductVersion0.0.0.0 13241300x800000000000000037105Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037104Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\Publisherandy koppe / thomas wolff 13241300x800000000000000037103Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\LowerCaseLongPathc:\program files\git\usr\bin\mintty.exe 13241300x800000000000000037102Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\BinProductVersion(Empty) 13241300x800000000000000037101Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\LinkDate03/26/2021 22:24:40 13241300x800000000000000037100Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\Publisher(Empty) 13241300x800000000000000037099Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\LowerCaseLongPathc:\program files\git\usr\bin\minidumper.exe 13241300x800000000000000037098Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\BinProductVersion(Empty) 13241300x800000000000000037097Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\LinkDate01/01/1970 00:00:00 13241300x800000000000000037096Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\Publisher(Empty) 13241300x800000000000000037095Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\LowerCaseLongPathc:\program files\git\usr\bin\md5sum.exe 13241300x800000000000000037094Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\BinProductVersion(Empty) 13241300x800000000000000037093Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\LinkDate01/01/1970 00:00:00 13241300x800000000000000037092Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\Publisher(Empty) 13241300x800000000000000037091Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\LowerCaseLongPathc:\program files\git\usr\bin\mac2unix.exe 13241300x800000000000000037090Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\BinProductVersion5.2.5.0 13241300x800000000000000037089Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\LinkDate01/01/1970 00:00:00 13241300x800000000000000037088Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\Publisherthe tukaani project <https://tukaani.org/> 13241300x800000000000000037087Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\LowerCaseLongPathc:\program files\git\mingw64\bin\lzmainfo.exe 13241300x800000000000000037086Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\BinProductVersion5.2.5.0 13241300x800000000000000037085Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037084Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\Publisherthe tukaani project <https://tukaani.org/> 13241300x800000000000000037083Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\LowerCaseLongPathc:\program files\git\mingw64\bin\lzmadec.exe 13241300x800000000000000037082Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\BinProductVersion(Empty) 13241300x800000000000000037081Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\LinkDate03/26/2021 22:24:39 13241300x800000000000000037080Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\Publisher(Empty) 13241300x800000000000000037079Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\LowerCaseLongPathc:\program files\git\usr\bin\lsattr.exe 13241300x800000000000000037078Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\BinProductVersion(Empty) 13241300x800000000000000037077Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\LinkDate01/01/1970 00:00:00 13241300x800000000000000037076Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\Publisher(Empty) 13241300x800000000000000037075Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\LowerCaseLongPathc:\program files\git\usr\bin\ls.exe 13241300x800000000000000037074Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\BinProductVersion(Empty) 13241300x800000000000000037073Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\LinkDate01/01/1970 00:00:00 13241300x800000000000000037072Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\Publisher(Empty) 13241300x800000000000000037071Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\LowerCaseLongPathc:\program files\git\usr\bin\logname.exe 13241300x800000000000000037070Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\BinProductVersion(Empty) 13241300x800000000000000037069Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\LinkDate01/01/1970 00:00:00 13241300x800000000000000037068Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\Publisher(Empty) 13241300x800000000000000037067Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\LowerCaseLongPathc:\program files\git\usr\bin\locate.exe 13241300x800000000000000037066Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\BinProductVersion(Empty) 13241300x800000000000000037065Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\LinkDate03/26/2021 22:24:39 13241300x800000000000000037064Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\Publisher(Empty) 13241300x800000000000000037063Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\LowerCaseLongPathc:\program files\git\usr\bin\locale.exe 13241300x800000000000000037062Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\BinProductVersion(Empty) 13241300x800000000000000037061Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\LinkDate01/01/1970 00:00:00 13241300x800000000000000037060Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\Publisher(Empty) 13241300x800000000000000037059Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\LowerCaseLongPathc:\program files\git\usr\bin\ln.exe 13241300x800000000000000037058Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\BinProductVersion(Empty) 13241300x800000000000000037057Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\LinkDate01/01/1970 00:00:00 13241300x800000000000000037056Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\Publisher(Empty) 13241300x800000000000000037055Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\LowerCaseLongPathc:\program files\git\usr\bin\link.exe 13241300x800000000000000037054Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\BinProductVersion(Empty) 13241300x800000000000000037053Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\LinkDate01/01/1970 00:00:00 13241300x800000000000000037052Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\Publisher(Empty) 13241300x800000000000000037051Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\LowerCaseLongPathc:\program files\git\usr\bin\lesskey.exe 13241300x800000000000000037050Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\BinProductVersion(Empty) 13241300x800000000000000037049Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037048Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\Publisher(Empty) 13241300x800000000000000037047Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\LowerCaseLongPathc:\program files\git\usr\bin\lessecho.exe 13241300x800000000000000037046Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\BinProductVersion(Empty) 13241300x800000000000000037045Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\LinkDate01/01/1970 00:00:00 13241300x800000000000000037044Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\Publisher(Empty) 13241300x800000000000000037043Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\LowerCaseLongPathc:\program files\git\usr\bin\less.exe 13241300x800000000000000037042Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\BinProductVersion(Empty) 13241300x800000000000000037041Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.386{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\LinkDate03/26/2021 22:24:41 13241300x800000000000000037040Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\Publisher(Empty) 13241300x800000000000000037039Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\LowerCaseLongPathc:\program files\git\usr\bin\ldh.exe 13241300x800000000000000037038Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\BinProductVersion(Empty) 13241300x800000000000000037037Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\LinkDate03/26/2021 22:24:39 13241300x800000000000000037036Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\Publisher(Empty) 13241300x800000000000000037035Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\LowerCaseLongPathc:\program files\git\usr\bin\ldd.exe 13241300x800000000000000037034Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\BinProductVersion(Empty) 13241300x800000000000000037033Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\LinkDate03/26/2021 22:24:39 13241300x800000000000000037032Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\Publisher(Empty) 13241300x800000000000000037031Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\LowerCaseLongPathc:\program files\git\usr\bin\kill.exe 13241300x800000000000000037030Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\BinProductVersion(Empty) 13241300x800000000000000037029Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\LinkDate01/01/1970 00:00:00 13241300x800000000000000037028Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\Publisher(Empty) 13241300x800000000000000037027Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\LowerCaseLongPathc:\program files\git\usr\bin\kbxutil.exe 13241300x800000000000000037026Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\BinProductVersion(Empty) 13241300x800000000000000037025Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037024Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\Publisher(Empty) 13241300x800000000000000037023Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\LowerCaseLongPathc:\program files\git\usr\bin\join.exe 13241300x800000000000000037022Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\BinProductVersion(Empty) 13241300x800000000000000037021Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\LinkDate01/01/1970 00:00:00 13241300x800000000000000037020Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\Publisher(Empty) 13241300x800000000000000037019Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\LowerCaseLongPathc:\program files\git\usr\bin\install.exe 13241300x800000000000000037018Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\BinProductVersion(Empty) 13241300x800000000000000037017Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037016Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\Publisher(Empty) 13241300x800000000000000037015Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\LowerCaseLongPathc:\program files\git\usr\bin\infotocap.exe 13241300x800000000000000037014Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\BinProductVersion(Empty) 13241300x800000000000000037013Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\LinkDate01/01/1970 00:00:00 13241300x800000000000000037012Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\Publisher(Empty) 13241300x800000000000000037011Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\LowerCaseLongPathc:\program files\git\usr\bin\infocmp.exe 13241300x800000000000000037010Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\BinProductVersion(Empty) 13241300x800000000000000037009Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\LinkDate01/01/1970 00:00:00 13241300x800000000000000037008Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\Publisher(Empty) 13241300x800000000000000037007Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\LowerCaseLongPathc:\program files\git\usr\bin\id.exe 13241300x800000000000000037006Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\BinProductVersion(Empty) 13241300x800000000000000037005Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037004Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\Publisher(Empty) 13241300x800000000000000037003Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\LowerCaseLongPathc:\program files\git\usr\bin\iconv.exe 13241300x800000000000000037002Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\BinProductVersion(Empty) 13241300x800000000000000037001Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\LinkDate01/01/1970 00:00:00 13241300x800000000000000037000Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\Publisher(Empty) 13241300x800000000000000036999Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\LowerCaseLongPathc:\program files\git\usr\bin\hostname.exe 13241300x800000000000000036998Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\BinProductVersion(Empty) 13241300x800000000000000036997Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\LinkDate06/19/2025 15:30:53 13241300x800000000000000036996Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\Publisher(Empty) 13241300x800000000000000036995Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\LowerCaseLongPathc:\program files\git\usr\lib\gettext\hostname.exe 13241300x800000000000000036994Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\BinProductVersion(Empty) 13241300x800000000000000036993Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\LinkDate01/01/1970 00:00:00 13241300x800000000000000036992Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\Publisher(Empty) 13241300x800000000000000036991Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\LowerCaseLongPathc:\program files\git\usr\bin\hostid.exe 13241300x800000000000000036990Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\BinProductVersion(Empty) 13241300x800000000000000036989Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\LinkDate01/01/1970 00:00:00 13241300x800000000000000036988Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\Publisher(Empty) 13241300x800000000000000036987Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\LowerCaseLongPathc:\program files\git\usr\bin\hmac256.exe 13241300x800000000000000036986Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\BinProductVersion2.33.0.2 13241300x800000000000000036985Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\LinkDate08/24/2021 10:09:53 13241300x800000000000000036984Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\Publisherthe git development community 13241300x800000000000000036983Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\headless-git.exe 13241300x800000000000000036982Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\BinProductVersion(Empty) 13241300x800000000000000036981Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\LinkDate01/01/1970 00:00:00 13241300x800000000000000036980Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\Publisher(Empty) 13241300x800000000000000036979Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\LowerCaseLongPathc:\program files\git\usr\bin\head.exe 13241300x800000000000000036978Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\BinProductVersion(Empty) 13241300x800000000000000036977Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\LinkDate01/01/1970 00:00:00 13241300x800000000000000036976Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\Publisher(Empty) 13241300x800000000000000036975Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\LowerCaseLongPathc:\program files\git\usr\bin\gzip.exe 13241300x800000000000000036974Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gsettings.exe|4246bb34aefdd57f\BinProductVersion(Empty) 13241300x800000000000000036973Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gsettings.exe|4246bb34aefdd57f\LinkDate01/01/1970 00:00:00 13241300x800000000000000036972Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gsettings.exe|4246bb34aefdd57f\Publisher(Empty) 13241300x800000000000000036971Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gsettings.exe|4246bb34aefdd57f\LowerCaseLongPathc:\program files\git\usr\bin\gsettings.exe 13241300x800000000000000036970Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\BinProductVersion(Empty) 13241300x800000000000000036969Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\LinkDate01/01/1970 00:00:00 13241300x800000000000000036968Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\Publisher(Empty) 13241300x800000000000000036967Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\LowerCaseLongPathc:\program files\git\usr\bin\groups.exe 13241300x800000000000000036966Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\BinProductVersion(Empty) 13241300x800000000000000036965Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\LinkDate01/01/1970 00:00:00 13241300x800000000000000036964Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\Publisher(Empty) 13241300x800000000000000036963Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\LowerCaseLongPathc:\program files\git\usr\bin\grep.exe 13241300x800000000000000036962Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\BinProductVersion(Empty) 13241300x800000000000000036961Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\LinkDate01/01/1970 00:00:00 13241300x800000000000000036960Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\Publisher(Empty) 13241300x800000000000000036959Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\LowerCaseLongPathc:\program files\git\usr\lib\awk\grcat.exe 13241300x800000000000000036958Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\BinProductVersion(Empty) 13241300x800000000000000036957Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\LinkDate01/01/1970 00:00:00 13241300x800000000000000036956Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\Publisher(Empty) 13241300x800000000000000036955Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\LowerCaseLongPathc:\program files\git\usr\bin\gpgv.exe 13241300x800000000000000036954Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\BinProductVersion(Empty) 13241300x800000000000000036953Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\LinkDate01/01/1970 00:00:00 13241300x800000000000000036952Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\Publisher(Empty) 13241300x800000000000000036951Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\LowerCaseLongPathc:\program files\git\usr\bin\gpgtar.exe 13241300x800000000000000036950Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\BinProductVersion(Empty) 13241300x800000000000000036949Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\LinkDate01/01/1970 00:00:00 13241300x800000000000000036948Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\Publisher(Empty) 13241300x800000000000000036947Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\LowerCaseLongPathc:\program files\git\usr\bin\gpgsplit.exe 13241300x800000000000000036946Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\BinProductVersion(Empty) 13241300x800000000000000036945Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\LinkDate01/01/1970 00:00:00 13241300x800000000000000036944Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\Publisher(Empty) 13241300x800000000000000036943Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\LowerCaseLongPathc:\program files\git\usr\bin\gpgsm.exe 13241300x800000000000000036942Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\BinProductVersion(Empty) 13241300x800000000000000036941Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\LinkDate01/01/1970 00:00:00 13241300x800000000000000036940Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\Publisher(Empty) 13241300x800000000000000036939Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\LowerCaseLongPathc:\program files\git\usr\bin\gpgscm.exe 13241300x800000000000000036938Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\BinProductVersion(Empty) 13241300x800000000000000036937Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\LinkDate01/01/1970 00:00:00 13241300x800000000000000036936Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\Publisher(Empty) 13241300x800000000000000036935Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\LowerCaseLongPathc:\program files\git\usr\bin\gpgparsemail.exe 13241300x800000000000000036934Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\BinProductVersion(Empty) 13241300x800000000000000036933Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\LinkDate01/01/1970 00:00:00 13241300x800000000000000036932Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\Publisher(Empty) 13241300x800000000000000036931Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\LowerCaseLongPathc:\program files\git\usr\bin\gpgconf.exe 13241300x800000000000000036930Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\BinProductVersion(Empty) 13241300x800000000000000036929Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\LinkDate01/01/1970 00:00:00 13241300x800000000000000036928Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\Publisher(Empty) 13241300x800000000000000036927Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\LowerCaseLongPathc:\program files\git\usr\bin\gpg.exe 13241300x800000000000000036926Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\BinProductVersion(Empty) 13241300x800000000000000036925Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\LinkDate01/01/1970 00:00:00 13241300x800000000000000036924Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\Publisher(Empty) 13241300x800000000000000036923Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\LowerCaseLongPathc:\program files\git\usr\bin\gpg-wks-server.exe 13241300x800000000000000036922Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\BinProductVersion(Empty) 13241300x800000000000000036921Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\LinkDate01/01/1970 00:00:00 13241300x800000000000000036920Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\Publisher(Empty) 13241300x800000000000000036919Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-wks-client.exe 13241300x800000000000000036918Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\BinProductVersion(Empty) 13241300x800000000000000036917Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\LinkDate01/01/1970 00:00:00 13241300x800000000000000036916Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\Publisher(Empty) 13241300x800000000000000036915Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-protect-tool.exe 13241300x800000000000000036914Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\BinProductVersion(Empty) 13241300x800000000000000036913Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\LinkDate01/01/1970 00:00:00 13241300x800000000000000036912Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\Publisher(Empty) 13241300x800000000000000036911Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-preset-passphrase.exe 13241300x800000000000000036910Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\BinProductVersion(Empty) 13241300x800000000000000036909Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\LinkDate01/01/1970 00:00:00 13241300x800000000000000036908Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\Publisher(Empty) 13241300x800000000000000036907Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\LowerCaseLongPathc:\program files\git\usr\bin\gpg-error.exe 13241300x800000000000000036906Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\BinProductVersion(Empty) 13241300x800000000000000036905Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\LinkDate01/01/1970 00:00:00 13241300x800000000000000036904Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\Publisher(Empty) 13241300x800000000000000036903Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\LowerCaseLongPathc:\program files\git\usr\bin\gpg-connect-agent.exe 13241300x800000000000000036902Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\BinProductVersion(Empty) 13241300x800000000000000036901Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\LinkDate01/01/1970 00:00:00 13241300x800000000000000036900Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\Publisher(Empty) 13241300x800000000000000036899Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-check-pattern.exe 13241300x800000000000000036898Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\BinProductVersion(Empty) 13241300x800000000000000036897Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\LinkDate01/01/1970 00:00:00 13241300x800000000000000036896Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\Publisher(Empty) 13241300x800000000000000036895Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\LowerCaseLongPathc:\program files\git\usr\bin\gpg-agent.exe 13241300x800000000000000036894Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gobject-query.ex|134cc30a240ef385\BinProductVersion(Empty) 13241300x800000000000000036893Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gobject-query.ex|134cc30a240ef385\LinkDate01/01/1970 00:00:00 13241300x800000000000000036892Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gobject-query.ex|134cc30a240ef385\Publisher(Empty) 13241300x800000000000000036891Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gobject-query.ex|134cc30a240ef385\LowerCaseLongPathc:\program files\git\usr\bin\gobject-query.exe 13241300x800000000000000036890Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\glib-compile-sch|5f50bc4882f3c325\BinProductVersion(Empty) 13241300x800000000000000036889Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\glib-compile-sch|5f50bc4882f3c325\LinkDate01/01/1970 00:00:00 13241300x800000000000000036888Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\glib-compile-sch|5f50bc4882f3c325\Publisher(Empty) 13241300x800000000000000036887Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\glib-compile-sch|5f50bc4882f3c325\LowerCaseLongPathc:\program files\git\usr\bin\glib-compile-schemas.exe 13241300x800000000000000036886Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\BinProductVersion(Empty) 13241300x800000000000000036885Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\LinkDate01/01/1970 00:00:00 13241300x800000000000000036884Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\Publisher(Empty) 13241300x800000000000000036883Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\LowerCaseLongPathc:\program files\git\usr\bin\gkill.exe 13241300x800000000000000036882Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\BinProductVersion2.33.0.2 13241300x800000000000000036881Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036880Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\Publisherthe git development community 13241300x800000000000000036879Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.371{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\LowerCaseLongPathc:\program files\git\cmd\gitk.exe 13241300x800000000000000036878Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.ui.exe|1ab248feff39f24\BinProductVersion2.0.498.0 13241300x800000000000000036877Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.ui.exe|1ab248feff39f24\LinkDate12/29/2089 16:38:49 13241300x800000000000000036876Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.ui.exe|1ab248feff39f24\Publishergithub.ui 13241300x800000000000000036875Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.ui.exe|1ab248feff39f24\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\github.ui.exe 13241300x800000000000000036874Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.authentic|8ce4a82757c1afc5\BinProductVersion1.5.0.0 13241300x800000000000000036873Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.authentic|8ce4a82757c1afc5\LinkDate09/05/2019 15:01:45 13241300x800000000000000036872Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.authentic|8ce4a82757c1afc5\Publishergithub 13241300x800000000000000036871Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\github.authentic|8ce4a82757c1afc5\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\github.authentication.exe 13241300x800000000000000036870Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\BinProductVersion2.33.0.2 13241300x800000000000000036869Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036868Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\Publisherthe git development community 13241300x800000000000000036867Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git.exe 13241300x800000000000000036866Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\BinProductVersion2.33.0.2 13241300x800000000000000036865Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\LinkDate08/24/2021 10:09:53 13241300x800000000000000036864Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\Publisherthe git development community 13241300x800000000000000036863Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\LowerCaseLongPathc:\program files\git\bin\git.exe 13241300x800000000000000036862Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\BinProductVersion2.33.0.2 13241300x800000000000000036861Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\LinkDate08/24/2021 10:09:53 13241300x800000000000000036860Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\Publisherthe git development community 13241300x800000000000000036859Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\LowerCaseLongPathc:\program files\git\mingw64\bin\git.exe 13241300x800000000000000036858Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\BinProductVersion2.33.0.2 13241300x800000000000000036857Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\LinkDate08/24/2021 10:09:53 13241300x800000000000000036856Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\Publisherthe git development community 13241300x800000000000000036855Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\LowerCaseLongPathc:\program files\git\cmd\git.exe 13241300x800000000000000036854Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-write-tree.e|792c1951a5d77083\BinProductVersion2.33.0.2 13241300x800000000000000036853Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-write-tree.e|792c1951a5d77083\LinkDate08/24/2021 10:09:53 13241300x800000000000000036852Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-write-tree.e|792c1951a5d77083\Publisherthe git development community 13241300x800000000000000036851Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-write-tree.e|792c1951a5d77083\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-write-tree.exe 13241300x800000000000000036850Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\BinProductVersion2.33.0.2 13241300x800000000000000036849Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\LinkDate08/24/2021 10:09:53 13241300x800000000000000036848Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\Publisherthe git development community 13241300x800000000000000036847Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\LowerCaseLongPathc:\program files\git\mingw64\share\git\git-wrapper.exe 13241300x800000000000000036846Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-worktree.exe|334239d9fbdc7a11\BinProductVersion2.33.0.2 13241300x800000000000000036845Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-worktree.exe|334239d9fbdc7a11\LinkDate08/24/2021 10:09:53 13241300x800000000000000036844Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-worktree.exe|334239d9fbdc7a11\Publisherthe git development community 13241300x800000000000000036843Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-worktree.exe|334239d9fbdc7a11\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-worktree.exe 13241300x800000000000000036842Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-whatchanged.|b8fb62958eb786da\BinProductVersion2.33.0.2 13241300x800000000000000036841Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-whatchanged.|b8fb62958eb786da\LinkDate08/24/2021 10:09:53 13241300x800000000000000036840Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-whatchanged.|b8fb62958eb786da\Publisherthe git development community 13241300x800000000000000036839Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-whatchanged.|b8fb62958eb786da\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-whatchanged.exe 13241300x800000000000000036838Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-tag.e|d492b12e36f71329\BinProductVersion2.33.0.2 13241300x800000000000000036837Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-tag.e|d492b12e36f71329\LinkDate08/24/2021 10:09:53 13241300x800000000000000036836Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-tag.e|d492b12e36f71329\Publisherthe git development community 13241300x800000000000000036835Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-tag.e|d492b12e36f71329\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-verify-tag.exe 13241300x800000000000000036834Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-pack.|d565dfc7b34b65aa\BinProductVersion2.33.0.2 13241300x800000000000000036833Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-pack.|d565dfc7b34b65aa\LinkDate08/24/2021 10:09:53 13241300x800000000000000036832Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-pack.|d565dfc7b34b65aa\Publisherthe git development community 13241300x800000000000000036831Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-pack.|d565dfc7b34b65aa\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-verify-pack.exe 13241300x800000000000000036830Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-commi|f37a5e9bd2f4578a\BinProductVersion2.33.0.2 13241300x800000000000000036829Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-commi|f37a5e9bd2f4578a\LinkDate08/24/2021 10:09:53 13241300x800000000000000036828Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-commi|f37a5e9bd2f4578a\Publisherthe git development community 13241300x800000000000000036827Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-verify-commi|f37a5e9bd2f4578a\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-verify-commit.exe 13241300x800000000000000036826Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-var.exe|751104bdaadb1181\BinProductVersion2.33.0.2 13241300x800000000000000036825Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-var.exe|751104bdaadb1181\LinkDate08/24/2021 10:09:53 13241300x800000000000000036824Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-var.exe|751104bdaadb1181\Publisherthe git development community 13241300x800000000000000036823Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-var.exe|751104bdaadb1181\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-var.exe 13241300x800000000000000036822Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\BinProductVersion2.33.0.2 13241300x800000000000000036821Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\LinkDate08/24/2021 10:09:53 13241300x800000000000000036820Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\Publisherthe git development community 13241300x800000000000000036819Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\LowerCaseLongPathc:\program files\git\mingw64\bin\git-upload-pack.exe 13241300x800000000000000036818Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|4bc571ea2cc47819\BinProductVersion2.33.0.2 13241300x800000000000000036817Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|4bc571ea2cc47819\LinkDate08/24/2021 10:09:53 13241300x800000000000000036816Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|4bc571ea2cc47819\Publisherthe git development community 13241300x800000000000000036815Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-pack.|4bc571ea2cc47819\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-upload-pack.exe 13241300x800000000000000036814Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|f4cda268b43d63d5\BinProductVersion2.33.0.2 13241300x800000000000000036813Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|f4cda268b43d63d5\LinkDate08/24/2021 10:09:53 13241300x800000000000000036812Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|f4cda268b43d63d5\Publisherthe git development community 13241300x800000000000000036811Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|f4cda268b43d63d5\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-upload-archive.exe 13241300x800000000000000036810Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\BinProductVersion2.33.0.2 13241300x800000000000000036809Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036808Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\Publisherthe git development community 13241300x800000000000000036807Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\LowerCaseLongPathc:\program files\git\mingw64\bin\git-upload-archive.exe 13241300x800000000000000036806Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-serve|d3496551fcee326\BinProductVersion2.33.0.2 13241300x800000000000000036805Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-serve|d3496551fcee326\LinkDate08/24/2021 10:09:53 13241300x800000000000000036804Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-serve|d3496551fcee326\Publisherthe git development community 13241300x800000000000000036803Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-serve|d3496551fcee326\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-update-server-info.exe 13241300x800000000000000036802Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-ref.e|636e33b932a7ad4\BinProductVersion2.33.0.2 13241300x800000000000000036801Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-ref.e|636e33b932a7ad4\LinkDate08/24/2021 10:09:53 13241300x800000000000000036800Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-ref.e|636e33b932a7ad4\Publisherthe git development community 13241300x800000000000000036799Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-ref.e|636e33b932a7ad4\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-update-ref.exe 13241300x800000000000000036798Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-index|cc5c84a1add7114d\BinProductVersion2.33.0.2 13241300x800000000000000036797Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-index|cc5c84a1add7114d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036796Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-index|cc5c84a1add7114d\Publisherthe git development community 13241300x800000000000000036795Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-update-index|cc5c84a1add7114d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-update-index.exe 13241300x800000000000000036794Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-objec|93ac7618bed9528f\BinProductVersion2.33.0.2 13241300x800000000000000036793Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-objec|93ac7618bed9528f\LinkDate08/24/2021 10:09:53 13241300x800000000000000036792Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-objec|93ac7618bed9528f\Publisherthe git development community 13241300x800000000000000036791Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-objec|93ac7618bed9528f\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-unpack-objects.exe 13241300x800000000000000036790Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-file.|7756b160cc2cfb66\BinProductVersion2.33.0.2 13241300x800000000000000036789Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-file.|7756b160cc2cfb66\LinkDate08/24/2021 10:09:53 13241300x800000000000000036788Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-file.|7756b160cc2cfb66\Publisherthe git development community 13241300x800000000000000036787Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-unpack-file.|7756b160cc2cfb66\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-unpack-file.exe 13241300x800000000000000036786Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-tag.exe|7666d39e6cc8f3cc\BinProductVersion2.33.0.2 13241300x800000000000000036785Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-tag.exe|7666d39e6cc8f3cc\LinkDate08/24/2021 10:09:53 13241300x800000000000000036784Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-tag.exe|7666d39e6cc8f3cc\Publisherthe git development community 13241300x800000000000000036783Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-tag.exe|7666d39e6cc8f3cc\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-tag.exe 13241300x800000000000000036782Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-symbolic-ref|ce473368350d320a\BinProductVersion2.33.0.2 13241300x800000000000000036781Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-symbolic-ref|ce473368350d320a\LinkDate08/24/2021 10:09:53 13241300x800000000000000036780Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-symbolic-ref|ce473368350d320a\Publisherthe git development community 13241300x800000000000000036779Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-symbolic-ref|ce473368350d320a\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-symbolic-ref.exe 13241300x800000000000000036778Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-switch.exe|ff6e85f065529228\BinProductVersion2.33.0.2 13241300x800000000000000036777Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-switch.exe|ff6e85f065529228\LinkDate08/24/2021 10:09:53 13241300x800000000000000036776Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-switch.exe|ff6e85f065529228\Publisherthe git development community 13241300x800000000000000036775Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-switch.exe|ff6e85f065529228\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-switch.exe 13241300x800000000000000036774Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-submodule--h|a577781a96a63623\BinProductVersion2.33.0.2 13241300x800000000000000036773Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-submodule--h|a577781a96a63623\LinkDate08/24/2021 10:09:53 13241300x800000000000000036772Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-submodule--h|a577781a96a63623\Publisherthe git development community 13241300x800000000000000036771Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-submodule--h|a577781a96a63623\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-submodule--helper.exe 13241300x800000000000000036770Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stripspace.e|7f2324fbc967deaa\BinProductVersion2.33.0.2 13241300x800000000000000036769Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stripspace.e|7f2324fbc967deaa\LinkDate08/24/2021 10:09:53 13241300x800000000000000036768Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stripspace.e|7f2324fbc967deaa\Publisherthe git development community 13241300x800000000000000036767Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stripspace.e|7f2324fbc967deaa\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-stripspace.exe 13241300x800000000000000036766Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-status.exe|f379629630fb27d9\BinProductVersion2.33.0.2 13241300x800000000000000036765Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-status.exe|f379629630fb27d9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036764Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-status.exe|f379629630fb27d9\Publisherthe git development community 13241300x800000000000000036763Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-status.exe|f379629630fb27d9\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-status.exe 13241300x800000000000000036762Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stash.exe|a40e77c71ac2aede\BinProductVersion2.33.0.2 13241300x800000000000000036761Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stash.exe|a40e77c71ac2aede\LinkDate08/24/2021 10:09:53 13241300x800000000000000036760Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stash.exe|a40e77c71ac2aede\Publisherthe git development community 13241300x800000000000000036759Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stash.exe|a40e77c71ac2aede\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-stash.exe 13241300x800000000000000036758Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stage.exe|f500735b2eec0385\BinProductVersion2.33.0.2 13241300x800000000000000036757Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stage.exe|f500735b2eec0385\LinkDate08/24/2021 10:09:53 13241300x800000000000000036756Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stage.exe|f500735b2eec0385\Publisherthe git development community 13241300x800000000000000036755Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-stage.exe|f500735b2eec0385\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-stage.exe 13241300x800000000000000036754Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sparse-check|f4825f9ae19d20b3\BinProductVersion2.33.0.2 13241300x800000000000000036753Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sparse-check|f4825f9ae19d20b3\LinkDate08/24/2021 10:09:53 13241300x800000000000000036752Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sparse-check|f4825f9ae19d20b3\Publisherthe git development community 13241300x800000000000000036751Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sparse-check|f4825f9ae19d20b3\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-sparse-checkout.exe 13241300x800000000000000036750Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show.exe|6e9a2dd47e6867ba\BinProductVersion2.33.0.2 13241300x800000000000000036749Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show.exe|6e9a2dd47e6867ba\LinkDate08/24/2021 10:09:53 13241300x800000000000000036748Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show.exe|6e9a2dd47e6867ba\Publisherthe git development community 13241300x800000000000000036747Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show.exe|6e9a2dd47e6867ba\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-show.exe 13241300x800000000000000036746Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-ref.exe|f7f4cf76175660d6\BinProductVersion2.33.0.2 13241300x800000000000000036745Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-ref.exe|f7f4cf76175660d6\LinkDate08/24/2021 10:09:53 13241300x800000000000000036744Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-ref.exe|f7f4cf76175660d6\Publisherthe git development community 13241300x800000000000000036743Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-ref.exe|f7f4cf76175660d6\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-show-ref.exe 13241300x800000000000000036742Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-index.e|8286f2c5e311f4dd\BinProductVersion2.33.0.2 13241300x800000000000000036741Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-index.e|8286f2c5e311f4dd\LinkDate08/24/2021 10:09:53 13241300x800000000000000036740Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-index.e|8286f2c5e311f4dd\Publisherthe git development community 13241300x800000000000000036739Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-index.e|8286f2c5e311f4dd\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-show-index.exe 13241300x800000000000000036738Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-branch.|e7aa2817ea598ca5\BinProductVersion2.33.0.2 13241300x800000000000000036737Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-branch.|e7aa2817ea598ca5\LinkDate08/24/2021 10:09:53 13241300x800000000000000036736Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-branch.|e7aa2817ea598ca5\Publisherthe git development community 13241300x800000000000000036735Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-show-branch.|e7aa2817ea598ca5\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-show-branch.exe 13241300x800000000000000036734Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-shortlog.exe|6690a566fa773a48\BinProductVersion2.33.0.2 13241300x800000000000000036733Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-shortlog.exe|6690a566fa773a48\LinkDate08/24/2021 10:09:53 13241300x800000000000000036732Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-shortlog.exe|6690a566fa773a48\Publisherthe git development community 13241300x800000000000000036731Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-shortlog.exe|6690a566fa773a48\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-shortlog.exe 13241300x800000000000000036730Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\BinProductVersion2.33.0.2 13241300x800000000000000036729Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036728Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\Publisherthe git development community 13241300x800000000000000036727Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-sh-i18n--envsubst.exe 13241300x800000000000000036726Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-send-pack.ex|da651d512f55be29\BinProductVersion2.33.0.2 13241300x800000000000000036725Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-send-pack.ex|da651d512f55be29\LinkDate08/24/2021 10:09:53 13241300x800000000000000036724Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-send-pack.ex|da651d512f55be29\Publisherthe git development community 13241300x800000000000000036723Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-send-pack.ex|da651d512f55be29\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-send-pack.exe 13241300x800000000000000036722Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rm.exe|8e86f766b6479aa7\BinProductVersion2.33.0.2 13241300x800000000000000036721Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rm.exe|8e86f766b6479aa7\LinkDate08/24/2021 10:09:53 13241300x800000000000000036720Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rm.exe|8e86f766b6479aa7\Publisherthe git development community 13241300x800000000000000036719Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rm.exe|8e86f766b6479aa7\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-rm.exe 13241300x800000000000000036718Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-revert.exe|7aa27432655fad81\BinProductVersion2.33.0.2 13241300x800000000000000036717Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-revert.exe|7aa27432655fad81\LinkDate08/24/2021 10:09:53 13241300x800000000000000036716Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-revert.exe|7aa27432655fad81\Publisherthe git development community 13241300x800000000000000036715Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-revert.exe|7aa27432655fad81\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-revert.exe 13241300x800000000000000036714Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-parse.ex|d6a8e773756ed1d6\BinProductVersion2.33.0.2 13241300x800000000000000036713Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-parse.ex|d6a8e773756ed1d6\LinkDate08/24/2021 10:09:53 13241300x800000000000000036712Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-parse.ex|d6a8e773756ed1d6\Publisherthe git development community 13241300x800000000000000036711Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-parse.ex|d6a8e773756ed1d6\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-rev-parse.exe 13241300x800000000000000036710Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-list.exe|269a9e57005af766\BinProductVersion2.33.0.2 13241300x800000000000000036709Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-list.exe|269a9e57005af766\LinkDate08/24/2021 10:09:53 13241300x800000000000000036708Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-list.exe|269a9e57005af766\Publisherthe git development community 13241300x800000000000000036707Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rev-list.exe|269a9e57005af766\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-rev-list.exe 13241300x800000000000000036706Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-restore.exe|8e7fc8b24c23bae3\BinProductVersion2.33.0.2 13241300x800000000000000036705Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-restore.exe|8e7fc8b24c23bae3\LinkDate08/24/2021 10:09:53 13241300x800000000000000036704Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-restore.exe|8e7fc8b24c23bae3\Publisherthe git development community 13241300x800000000000000036703Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-restore.exe|8e7fc8b24c23bae3\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-restore.exe 13241300x800000000000000036702Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reset.exe|36c5794b3e41dd77\BinProductVersion2.33.0.2 13241300x800000000000000036701Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reset.exe|36c5794b3e41dd77\LinkDate08/24/2021 10:09:53 13241300x800000000000000036700Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reset.exe|36c5794b3e41dd77\Publisherthe git development community 13241300x800000000000000036699Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reset.exe|36c5794b3e41dd77\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-reset.exe 13241300x800000000000000036698Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rerere.exe|fc745b45c205e431\BinProductVersion2.33.0.2 13241300x800000000000000036697Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rerere.exe|fc745b45c205e431\LinkDate08/24/2021 10:09:53 13241300x800000000000000036696Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rerere.exe|fc745b45c205e431\Publisherthe git development community 13241300x800000000000000036695Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rerere.exe|fc745b45c205e431\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-rerere.exe 13241300x800000000000000036694Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-replace.exe|3cfc7710e33c88bb\BinProductVersion2.33.0.2 13241300x800000000000000036693Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-replace.exe|3cfc7710e33c88bb\LinkDate08/24/2021 10:09:53 13241300x800000000000000036692Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-replace.exe|3cfc7710e33c88bb\Publisherthe git development community 13241300x800000000000000036691Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-replace.exe|3cfc7710e33c88bb\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-replace.exe 13241300x800000000000000036690Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-repack.exe|b1385c9cee9c0160\BinProductVersion2.33.0.2 13241300x800000000000000036689Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-repack.exe|b1385c9cee9c0160\LinkDate08/24/2021 10:09:53 13241300x800000000000000036688Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-repack.exe|b1385c9cee9c0160\Publisherthe git development community 13241300x800000000000000036687Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-repack.exe|b1385c9cee9c0160\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-repack.exe 13241300x800000000000000036686Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote.exe|2eac402aac5dd179\BinProductVersion2.33.0.2 13241300x800000000000000036685Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote.exe|2eac402aac5dd179\LinkDate08/24/2021 10:09:53 13241300x800000000000000036684Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote.exe|2eac402aac5dd179\Publisherthe git development community 13241300x800000000000000036683Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote.exe|2eac402aac5dd179\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote.exe 13241300x800000000000000036682Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\BinProductVersion2.33.0.2 13241300x800000000000000036681Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\LinkDate08/24/2021 10:09:53 13241300x800000000000000036680Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\Publisherthe git development community 13241300x800000000000000036679Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-https.exe 13241300x800000000000000036678Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\BinProductVersion2.33.0.2 13241300x800000000000000036677Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\LinkDate08/24/2021 10:09:53 13241300x800000000000000036676Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\Publisherthe git development community 13241300x800000000000000036675Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-http.exe 13241300x800000000000000036674Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\BinProductVersion2.33.0.2 13241300x800000000000000036673Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036672Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\Publisherthe git development community 13241300x800000000000000036671Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-ftps.exe 13241300x800000000000000036670Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\BinProductVersion2.33.0.2 13241300x800000000000000036669Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\LinkDate08/24/2021 10:09:53 13241300x800000000000000036668Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\Publisherthe git development community 13241300x800000000000000036667Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-ftp.exe 13241300x800000000000000036666Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-fd.ex|e557f81c4381d7b0\BinProductVersion2.33.0.2 13241300x800000000000000036665Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-fd.ex|e557f81c4381d7b0\LinkDate08/24/2021 10:09:53 13241300x800000000000000036664Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-fd.ex|e557f81c4381d7b0\Publisherthe git development community 13241300x800000000000000036663Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-fd.ex|e557f81c4381d7b0\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-fd.exe 13241300x800000000000000036662Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ext.e|bd6596e1f05a9659\BinProductVersion2.33.0.2 13241300x800000000000000036661Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ext.e|bd6596e1f05a9659\LinkDate08/24/2021 10:09:53 13241300x800000000000000036660Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ext.e|bd6596e1f05a9659\Publisherthe git development community 13241300x800000000000000036659Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-remote-ext.e|bd6596e1f05a9659\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-ext.exe 13241300x800000000000000036658Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reflog.exe|34db507846fa6f12\BinProductVersion2.33.0.2 13241300x800000000000000036657Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reflog.exe|34db507846fa6f12\LinkDate08/24/2021 10:09:53 13241300x800000000000000036656Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reflog.exe|34db507846fa6f12\Publisherthe git development community 13241300x800000000000000036655Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-reflog.exe|34db507846fa6f12\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-reflog.exe 13241300x800000000000000036654Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\BinProductVersion2.33.0.2 13241300x800000000000000036653Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\LinkDate08/24/2021 10:09:53 13241300x800000000000000036652Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\Publisherthe git development community 13241300x800000000000000036651Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\LowerCaseLongPathc:\program files\git\mingw64\bin\git-receive-pack.exe 13241300x800000000000000036650Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|4bf4387fd198488d\BinProductVersion2.33.0.2 13241300x800000000000000036649Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|4bf4387fd198488d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036648Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|4bf4387fd198488d\Publisherthe git development community 13241300x800000000000000036647Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-receive-pack|4bf4387fd198488d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-receive-pack.exe 13241300x800000000000000036646Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rebase.exe|80d1b0e35c07195b\BinProductVersion2.33.0.2 13241300x800000000000000036645Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rebase.exe|80d1b0e35c07195b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036644Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rebase.exe|80d1b0e35c07195b\Publisherthe git development community 13241300x800000000000000036643Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-rebase.exe|80d1b0e35c07195b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-rebase.exe 13241300x800000000000000036642Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-read-tree.ex|22941f40e639aef1\BinProductVersion2.33.0.2 13241300x800000000000000036641Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-read-tree.ex|22941f40e639aef1\LinkDate08/24/2021 10:09:53 13241300x800000000000000036640Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-read-tree.ex|22941f40e639aef1\Publisherthe git development community 13241300x800000000000000036639Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-read-tree.ex|22941f40e639aef1\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-read-tree.exe 13241300x800000000000000036638Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-range-diff.e|27a041f8d99ea5e9\BinProductVersion2.33.0.2 13241300x800000000000000036637Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-range-diff.e|27a041f8d99ea5e9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036636Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-range-diff.e|27a041f8d99ea5e9\Publisherthe git development community 13241300x800000000000000036635Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-range-diff.e|27a041f8d99ea5e9\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-range-diff.exe 13241300x800000000000000036634Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-push.exe|6b8bbc843881b879\BinProductVersion2.33.0.2 13241300x800000000000000036633Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-push.exe|6b8bbc843881b879\LinkDate08/24/2021 10:09:53 13241300x800000000000000036632Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-push.exe|6b8bbc843881b879\Publisherthe git development community 13241300x800000000000000036631Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-push.exe|6b8bbc843881b879\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-push.exe 13241300x800000000000000036630Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pull.exe|5c528221eaacce43\BinProductVersion2.33.0.2 13241300x800000000000000036629Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pull.exe|5c528221eaacce43\LinkDate08/24/2021 10:09:53 13241300x800000000000000036628Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pull.exe|5c528221eaacce43\Publisherthe git development community 13241300x800000000000000036627Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pull.exe|5c528221eaacce43\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-pull.exe 13241300x800000000000000036626Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune.exe|8dd360f83decd04c\BinProductVersion2.33.0.2 13241300x800000000000000036625Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune.exe|8dd360f83decd04c\LinkDate08/24/2021 10:09:53 13241300x800000000000000036624Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune.exe|8dd360f83decd04c\Publisherthe git development community 13241300x800000000000000036623Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune.exe|8dd360f83decd04c\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-prune.exe 13241300x800000000000000036622Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune-packed|7ea14beb272e20eb\BinProductVersion2.33.0.2 13241300x800000000000000036621Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune-packed|7ea14beb272e20eb\LinkDate08/24/2021 10:09:53 13241300x800000000000000036620Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune-packed|7ea14beb272e20eb\Publisherthe git development community 13241300x800000000000000036619Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-prune-packed|7ea14beb272e20eb\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-prune-packed.exe 13241300x800000000000000036618Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-patch-id.exe|280f7dfabbed9aa0\BinProductVersion2.33.0.2 13241300x800000000000000036617Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-patch-id.exe|280f7dfabbed9aa0\LinkDate08/24/2021 10:09:53 13241300x800000000000000036616Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-patch-id.exe|280f7dfabbed9aa0\Publisherthe git development community 13241300x800000000000000036615Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-patch-id.exe|280f7dfabbed9aa0\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-patch-id.exe 13241300x800000000000000036614Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-refs.ex|a72849c27ec32acf\BinProductVersion2.33.0.2 13241300x800000000000000036613Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-refs.ex|a72849c27ec32acf\LinkDate08/24/2021 10:09:53 13241300x800000000000000036612Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-refs.ex|a72849c27ec32acf\Publisherthe git development community 13241300x800000000000000036611Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-refs.ex|a72849c27ec32acf\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-pack-refs.exe 13241300x800000000000000036610Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-redunda|3bea7e0b47bae351\BinProductVersion2.33.0.2 13241300x800000000000000036609Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-redunda|3bea7e0b47bae351\LinkDate08/24/2021 10:09:53 13241300x800000000000000036608Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-redunda|3bea7e0b47bae351\Publisherthe git development community 13241300x800000000000000036607Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-redunda|3bea7e0b47bae351\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-pack-redundant.exe 13241300x800000000000000036606Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-objects|b6ba6e682d1328e9\BinProductVersion2.33.0.2 13241300x800000000000000036605Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-objects|b6ba6e682d1328e9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036604Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-objects|b6ba6e682d1328e9\Publisherthe git development community 13241300x800000000000000036603Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-pack-objects|b6ba6e682d1328e9\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-pack-objects.exe 13241300x800000000000000036602Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-notes.exe|cadb47a79807ad03\BinProductVersion2.33.0.2 13241300x800000000000000036601Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-notes.exe|cadb47a79807ad03\LinkDate08/24/2021 10:09:53 13241300x800000000000000036600Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-notes.exe|cadb47a79807ad03\Publisherthe git development community 13241300x800000000000000036599Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-notes.exe|cadb47a79807ad03\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-notes.exe 13241300x800000000000000036598Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-name-rev.exe|7b3ad17acd0ba124\BinProductVersion2.33.0.2 13241300x800000000000000036597Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-name-rev.exe|7b3ad17acd0ba124\LinkDate08/24/2021 10:09:53 13241300x800000000000000036596Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-name-rev.exe|7b3ad17acd0ba124\Publisherthe git development community 13241300x800000000000000036595Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-name-rev.exe|7b3ad17acd0ba124\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-name-rev.exe 13241300x800000000000000036594Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mv.exe|e80e8664561f73b6\BinProductVersion2.33.0.2 13241300x800000000000000036593Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mv.exe|e80e8664561f73b6\LinkDate08/24/2021 10:09:53 13241300x800000000000000036592Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mv.exe|e80e8664561f73b6\Publisherthe git development community 13241300x800000000000000036591Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mv.exe|e80e8664561f73b6\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-mv.exe 13241300x800000000000000036590Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-multi-pack-i|b0da66b3239cc0aa\BinProductVersion2.33.0.2 13241300x800000000000000036589Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-multi-pack-i|b0da66b3239cc0aa\LinkDate08/24/2021 10:09:53 13241300x800000000000000036588Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-multi-pack-i|b0da66b3239cc0aa\Publisherthe git development community 13241300x800000000000000036587Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-multi-pack-i|b0da66b3239cc0aa\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-multi-pack-index.exe 13241300x800000000000000036586Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktree.exe|9fb15060439194e9\BinProductVersion2.33.0.2 13241300x800000000000000036585Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktree.exe|9fb15060439194e9\LinkDate08/24/2021 10:09:53 13241300x800000000000000036584Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktree.exe|9fb15060439194e9\Publisherthe git development community 13241300x800000000000000036583Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktree.exe|9fb15060439194e9\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-mktree.exe 13241300x800000000000000036582Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktag.exe|f9ff9b0e12a2d151\BinProductVersion2.33.0.2 13241300x800000000000000036581Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktag.exe|f9ff9b0e12a2d151\LinkDate08/24/2021 10:09:53 13241300x800000000000000036580Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktag.exe|f9ff9b0e12a2d151\Publisherthe git development community 13241300x800000000000000036579Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mktag.exe|f9ff9b0e12a2d151\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-mktag.exe 13241300x800000000000000036578Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge.exe|882533b7baebdf26\BinProductVersion2.33.0.2 13241300x800000000000000036577Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge.exe|882533b7baebdf26\LinkDate08/24/2021 10:09:53 13241300x800000000000000036576Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge.exe|882533b7baebdf26\Publisherthe git development community 13241300x800000000000000036575Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge.exe|882533b7baebdf26\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge.exe 13241300x800000000000000036574Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-tree.e|2091c16f572d3b68\BinProductVersion2.33.0.2 13241300x800000000000000036573Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-tree.e|2091c16f572d3b68\LinkDate08/24/2021 10:09:53 13241300x800000000000000036572Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-tree.e|2091c16f572d3b68\Publisherthe git development community 13241300x800000000000000036571Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-tree.e|2091c16f572d3b68\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-tree.exe 13241300x800000000000000036570Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-subtre|334ec69ba0fedd6f\BinProductVersion2.33.0.2 13241300x800000000000000036569Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-subtre|334ec69ba0fedd6f\LinkDate08/24/2021 10:09:53 13241300x800000000000000036568Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-subtre|334ec69ba0fedd6f\Publisherthe git development community 13241300x800000000000000036567Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-subtre|334ec69ba0fedd6f\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-subtree.exe 13241300x800000000000000036566Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-recurs|5342cf57bbb67b35\BinProductVersion2.33.0.2 13241300x800000000000000036565Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-recurs|5342cf57bbb67b35\LinkDate08/24/2021 10:09:53 13241300x800000000000000036564Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-recurs|5342cf57bbb67b35\Publisherthe git development community 13241300x800000000000000036563Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-recurs|5342cf57bbb67b35\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-recursive.exe 13241300x800000000000000036562Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-ours.e|8a9c9030af4fea1\BinProductVersion2.33.0.2 13241300x800000000000000036561Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-ours.e|8a9c9030af4fea1\LinkDate08/24/2021 10:09:53 13241300x800000000000000036560Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-ours.e|8a9c9030af4fea1\Publisherthe git development community 13241300x800000000000000036559Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-ours.e|8a9c9030af4fea1\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-ours.exe 13241300x800000000000000036558Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-index.|21be940b8e49773d\BinProductVersion2.33.0.2 13241300x800000000000000036557Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-index.|21be940b8e49773d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036556Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-index.|21be940b8e49773d\Publisherthe git development community 13241300x800000000000000036555Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-index.|21be940b8e49773d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-index.exe 13241300x800000000000000036554Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-file.e|daffc665e459523c\BinProductVersion2.33.0.2 13241300x800000000000000036553Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-file.e|daffc665e459523c\LinkDate08/24/2021 10:09:53 13241300x800000000000000036552Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-file.e|daffc665e459523c\Publisherthe git development community 13241300x800000000000000036551Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-file.e|daffc665e459523c\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-file.exe 13241300x800000000000000036550Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-base.e|30dc1b69df66ab7c\BinProductVersion2.33.0.2 13241300x800000000000000036549Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-base.e|30dc1b69df66ab7c\LinkDate08/24/2021 10:09:53 13241300x800000000000000036548Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-base.e|30dc1b69df66ab7c\Publisherthe git development community 13241300x800000000000000036547Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-merge-base.e|30dc1b69df66ab7c\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-merge-base.exe 13241300x800000000000000036546Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-maintenance.|3bae5fb74f39ca3b\BinProductVersion2.33.0.2 13241300x800000000000000036545Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-maintenance.|3bae5fb74f39ca3b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036544Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-maintenance.|3bae5fb74f39ca3b\Publisherthe git development community 13241300x800000000000000036543Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-maintenance.|3bae5fb74f39ca3b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-maintenance.exe 13241300x800000000000000036542Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailsplit.ex|6b4c4fb0ebcb699d\BinProductVersion2.33.0.2 13241300x800000000000000036541Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailsplit.ex|6b4c4fb0ebcb699d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036540Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailsplit.ex|6b4c4fb0ebcb699d\Publisherthe git development community 13241300x800000000000000036539Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailsplit.ex|6b4c4fb0ebcb699d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-mailsplit.exe 13241300x800000000000000036538Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailinfo.exe|301710ecfb7896f7\BinProductVersion2.33.0.2 13241300x800000000000000036537Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailinfo.exe|301710ecfb7896f7\LinkDate08/24/2021 10:09:53 13241300x800000000000000036536Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailinfo.exe|301710ecfb7896f7\Publisherthe git development community 13241300x800000000000000036535Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-mailinfo.exe|301710ecfb7896f7\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-mailinfo.exe 13241300x800000000000000036534Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-tree.exe|3da7a7da61dca8d3\BinProductVersion2.33.0.2 13241300x800000000000000036533Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-tree.exe|3da7a7da61dca8d3\LinkDate08/24/2021 10:09:53 13241300x800000000000000036532Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-tree.exe|3da7a7da61dca8d3\Publisherthe git development community 13241300x800000000000000036531Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-tree.exe|3da7a7da61dca8d3\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-ls-tree.exe 13241300x800000000000000036530Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-remote.ex|70eaf315f15c7a6d\BinProductVersion2.33.0.2 13241300x800000000000000036529Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-remote.ex|70eaf315f15c7a6d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036528Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-remote.ex|70eaf315f15c7a6d\Publisherthe git development community 13241300x800000000000000036527Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-remote.ex|70eaf315f15c7a6d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-ls-remote.exe 13241300x800000000000000036526Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-files.exe|1e3ad688e0cb54cf\BinProductVersion2.33.0.2 13241300x800000000000000036525Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-files.exe|1e3ad688e0cb54cf\LinkDate08/24/2021 10:09:53 13241300x800000000000000036524Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-files.exe|1e3ad688e0cb54cf\Publisherthe git development community 13241300x800000000000000036523Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-ls-files.exe|1e3ad688e0cb54cf\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-ls-files.exe 13241300x800000000000000036522Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-log.exe|8e73c205e9f2f0be\BinProductVersion2.33.0.2 13241300x800000000000000036521Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-log.exe|8e73c205e9f2f0be\LinkDate08/24/2021 10:09:53 13241300x800000000000000036520Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-log.exe|8e73c205e9f2f0be\Publisherthe git development community 13241300x800000000000000036519Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-log.exe|8e73c205e9f2f0be\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-log.exe 13241300x800000000000000036518Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\BinProductVersion0.0.0.0 13241300x800000000000000036517Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\LinkDate01/01/1970 00:00:00 13241300x800000000000000036516Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\Publisher(Empty) 13241300x800000000000000036515Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\LowerCaseLongPathc:\program files\git\mingw64\bin\git-lfs.exe 13241300x800000000000000036514Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\BinProductVersion2.33.0.2 13241300x800000000000000036513Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\LinkDate08/24/2021 10:09:53 13241300x800000000000000036512Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\Publisherthe git development community 13241300x800000000000000036511Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\LowerCaseLongPathc:\program files\git\cmd\git-lfs.exe 13241300x800000000000000036510Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-interpret-tr|64a626455ecf8a98\BinProductVersion2.33.0.2 13241300x800000000000000036509Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-interpret-tr|64a626455ecf8a98\LinkDate08/24/2021 10:09:53 13241300x800000000000000036508Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-interpret-tr|64a626455ecf8a98\Publisherthe git development community 13241300x800000000000000036507Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-interpret-tr|64a626455ecf8a98\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-interpret-trailers.exe 13241300x800000000000000036506Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init.exe|bfcd122907ddc590\BinProductVersion2.33.0.2 13241300x800000000000000036505Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init.exe|bfcd122907ddc590\LinkDate08/24/2021 10:09:53 13241300x800000000000000036504Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init.exe|bfcd122907ddc590\Publisherthe git development community 13241300x800000000000000036503Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init.exe|bfcd122907ddc590\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-init.exe 13241300x800000000000000036502Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init-db.exe|b6baf86f656c9cd\BinProductVersion2.33.0.2 13241300x800000000000000036501Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init-db.exe|b6baf86f656c9cd\LinkDate08/24/2021 10:09:53 13241300x800000000000000036500Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init-db.exe|b6baf86f656c9cd\Publisherthe git development community 13241300x800000000000000036499Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-init-db.exe|b6baf86f656c9cd\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-init-db.exe 13241300x800000000000000036498Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-index-pack.e|a057507fd54823f\BinProductVersion2.33.0.2 13241300x800000000000000036497Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-index-pack.e|a057507fd54823f\LinkDate08/24/2021 10:09:53 13241300x800000000000000036496Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-index-pack.e|a057507fd54823f\Publisherthe git development community 13241300x800000000000000036495Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-index-pack.e|a057507fd54823f\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-index-pack.exe 13241300x800000000000000036494Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\BinProductVersion2.33.0.2 13241300x800000000000000036493Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\LinkDate08/24/2021 10:09:53 13241300x800000000000000036492Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\Publisherthe git development community 13241300x800000000000000036491Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-imap-send.exe 13241300x800000000000000036490Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\BinProductVersion2.33.0.2 13241300x800000000000000036489Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\LinkDate08/24/2021 10:09:53 13241300x800000000000000036488Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\Publisherthe git development community 13241300x800000000000000036487Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-http-push.exe 13241300x800000000000000036486Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\BinProductVersion2.33.0.2 23542300x800000000000000036485Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:14.308{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PG3AN2E5Y1\PresentationFramework.ni.dllMD5=F4BE31FD7508880EBE11971999150E20,SHA256=67784892A02B103C517FFBCEB07F743E14E727539AADA82138342FEAECD1C8C9,IMPHASH=00000000000000000000000000000000truetrue 13241300x800000000000000036484Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\LinkDate08/24/2021 10:09:53 13241300x800000000000000036483Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\Publisherthe git development community 13241300x800000000000000036482Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-http-fetch.exe 13241300x800000000000000036481Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\BinProductVersion2.33.0.2 13241300x800000000000000036480Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\LinkDate08/24/2021 10:09:53 13241300x800000000000000036479Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\Publisherthe git development community 13241300x800000000000000036478Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-http-backend.exe 13241300x800000000000000036477Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-help.exe|d3d7cc6cd9ec775b\BinProductVersion2.33.0.2 13241300x800000000000000036476Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-help.exe|d3d7cc6cd9ec775b\LinkDate08/24/2021 10:09:53 13241300x800000000000000036475Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-help.exe|d3d7cc6cd9ec775b\Publisherthe git development community 13241300x800000000000000036474Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-help.exe|d3d7cc6cd9ec775b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-help.exe 13241300x800000000000000036473Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-hash-object.|ea29aa5df7dca895\BinProductVersion2.33.0.2 13241300x800000000000000036472Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-hash-object.|ea29aa5df7dca895\LinkDate08/24/2021 10:09:53 13241300x800000000000000036471Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-hash-object.|ea29aa5df7dca895\Publisherthe git development community 13241300x800000000000000036470Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-hash-object.|ea29aa5df7dca895\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-hash-object.exe 13241300x800000000000000036469Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\BinProductVersion2.33.0.2 13241300x800000000000000036468Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\LinkDate08/24/2021 10:09:53 13241300x800000000000000036467Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\Publisherthe git development community 13241300x800000000000000036466Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\LowerCaseLongPathc:\program files\git\cmd\git-gui.exe 13241300x800000000000000036465Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-grep.exe|ed39fb46aff75ef0\BinProductVersion2.33.0.2 13241300x800000000000000036464Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-grep.exe|ed39fb46aff75ef0\LinkDate08/24/2021 10:09:53 13241300x800000000000000036463Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-grep.exe|ed39fb46aff75ef0\Publisherthe git development community 13241300x800000000000000036462Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-grep.exe|ed39fb46aff75ef0\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-grep.exe 13241300x800000000000000036461Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-get-tar-comm|7f010af0ea09c9e6\BinProductVersion2.33.0.2 13241300x800000000000000036460Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-get-tar-comm|7f010af0ea09c9e6\LinkDate08/24/2021 10:09:53 13241300x800000000000000036459Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-get-tar-comm|7f010af0ea09c9e6\Publisherthe git development community 13241300x800000000000000036458Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-get-tar-comm|7f010af0ea09c9e6\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-get-tar-commit-id.exe 13241300x800000000000000036457Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gc.exe|fdbdc98f5cb28d88\BinProductVersion2.33.0.2 13241300x800000000000000036456Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gc.exe|fdbdc98f5cb28d88\LinkDate08/24/2021 10:09:53 13241300x800000000000000036455Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gc.exe|fdbdc98f5cb28d88\Publisherthe git development community 13241300x800000000000000036454Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-gc.exe|fdbdc98f5cb28d88\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-gc.exe 13241300x800000000000000036453Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsmonitor--d|e5fc2f5ce2dcd18a\BinProductVersion2.33.0.2 13241300x800000000000000036452Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsmonitor--d|e5fc2f5ce2dcd18a\LinkDate08/24/2021 10:09:53 13241300x800000000000000036451Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsmonitor--d|e5fc2f5ce2dcd18a\Publisherthe git development community 13241300x800000000000000036450Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsmonitor--d|e5fc2f5ce2dcd18a\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fsmonitor--daemon.exe 13241300x800000000000000036449Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck.exe|d8efbaa5b906f8b2\BinProductVersion2.33.0.2 13241300x800000000000000036448Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck.exe|d8efbaa5b906f8b2\LinkDate08/24/2021 10:09:53 13241300x800000000000000036447Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck.exe|d8efbaa5b906f8b2\Publisherthe git development community 13241300x800000000000000036446Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck.exe|d8efbaa5b906f8b2\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fsck.exe 13241300x800000000000000036445Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck-objects|2121e55928d75601\BinProductVersion2.33.0.2 13241300x800000000000000036444Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck-objects|2121e55928d75601\LinkDate08/24/2021 10:09:53 13241300x800000000000000036443Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck-objects|2121e55928d75601\Publisherthe git development community 13241300x800000000000000036442Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fsck-objects|2121e55928d75601\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fsck-objects.exe 13241300x800000000000000036441Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-format-patch|9e2e07188f28a95d\BinProductVersion2.33.0.2 13241300x800000000000000036440Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-format-patch|9e2e07188f28a95d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036439Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-format-patch|9e2e07188f28a95d\Publisherthe git development community 13241300x800000000000000036438Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-format-patch|9e2e07188f28a95d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-format-patch.exe 13241300x800000000000000036437Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-rep|c87afe0458a928d\BinProductVersion2.33.0.2 13241300x800000000000000036436Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-rep|c87afe0458a928d\LinkDate08/24/2021 10:09:53 13241300x800000000000000036435Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-rep|c87afe0458a928d\Publisherthe git development community 13241300x800000000000000036434Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-rep|c87afe0458a928d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-for-each-repo.exe 13241300x800000000000000036433Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-ref|3abb92553793f6f\BinProductVersion2.33.0.2 13241300x800000000000000036432Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-ref|3abb92553793f6f\LinkDate08/24/2021 10:09:53 13241300x800000000000000036431Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-ref|3abb92553793f6f\Publisherthe git development community 13241300x800000000000000036430Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-for-each-ref|3abb92553793f6f\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-for-each-ref.exe 13241300x800000000000000036429Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.308{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fmt-merge-ms|d963dc4ca06323fa\BinProductVersion2.33.0.2 13241300x800000000000000036428Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fmt-merge-ms|d963dc4ca06323fa\LinkDate08/24/2021 10:09:53 13241300x800000000000000036427Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fmt-merge-ms|d963dc4ca06323fa\Publisherthe git development community 13241300x800000000000000036426Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.292{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\git-fmt-merge-ms|d963dc4ca06323fa\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-fmt-merge-msg.exe 354300x800000000000000013428Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:14.404{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50090-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013427Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:15.116{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE7A5B827CEAA1E2240C93342E36B377,SHA256=A5696D01BD42534CF603414F31744AD077F55C8F2201E4943C8BD82DF80CE859,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000038034Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\Publishersplunk inc. 13241300x800000000000000038033Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-regmon.exe 13241300x800000000000000038032Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\BinProductVersion(Empty) 13241300x800000000000000038031Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\LinkDate02/07/2020 15:18:45 13241300x800000000000000038030Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\Publisher(Empty) 13241300x800000000000000038029Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-powershell.exe 13241300x800000000000000038028Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\BinProductVersion2048.512.24125.32311 13241300x800000000000000038027Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\LinkDate02/07/2020 15:18:45 13241300x800000000000000038026Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\Publishersplunk inc. 13241300x800000000000000038025Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-perfmon.exe 13241300x800000000000000038024Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\BinProductVersion2048.512.24125.32311 13241300x800000000000000038023Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\LinkDate02/07/2020 15:18:57 13241300x800000000000000038022Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\Publishersplunk inc. 13241300x800000000000000038021Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-netmon.exe 13241300x800000000000000038020Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\BinProductVersion10.0.10011.16384 13241300x800000000000000038019Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\LinkDate02/07/2020 15:18:52 13241300x800000000000000038018Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000038017Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-monitornohandle.exe 13241300x800000000000000038016Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\BinProductVersion2048.512.24125.32311 13241300x800000000000000038015Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\LinkDate02/07/2020 15:13:21 13241300x800000000000000038014Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\Publishersplunk inc. 13241300x800000000000000038013Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-compresstool.exe 13241300x800000000000000038012Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\BinProductVersion2048.512.24125.32311 13241300x800000000000000038011Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\LinkDate02/07/2020 15:19:19 13241300x800000000000000038010Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\Publishersplunk inc. 13241300x800000000000000038009Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-admon.exe 13241300x800000000000000038008Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinProductVersion10.0.10011.16384 13241300x800000000000000038007Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LinkDate09/27/2019 18:25:44 13241300x800000000000000038006Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000038005Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splknetdrv.sys 13241300x800000000000000038004Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\BinProductVersion(Empty) 13241300x800000000000000038003Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\LinkDate01/10/2020 00:48:57 13241300x800000000000000038002Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\Publisher(Empty) 13241300x800000000000000038001Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\openssl.exe 13241300x800000000000000038000Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\BinProductVersion2048.512.24125.32311 13241300x800000000000000037999Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\LinkDate02/07/2020 15:13:14 13241300x800000000000000037998Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\Publishersplunk inc. 13241300x800000000000000037997Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\classify.exe 13241300x800000000000000037996Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\BinProductVersion2048.512.24125.32311 13241300x800000000000000037995Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\LinkDate02/07/2020 15:12:56 13241300x800000000000000037994Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\Publishersplunk inc. 13241300x800000000000000037993Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\btprobe.exe 13241300x800000000000000037992Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\BinProductVersion2048.512.24125.32311 13241300x800000000000000037991Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\LinkDate02/07/2020 15:12:56 13241300x800000000000000037990Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\Publishersplunk inc. 13241300x800000000000000037989Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\btool.exe 13241300x800000000000000037988Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\00006e465eb93b9ef9ed1111015f594f733000000904\PublisherSplunk, Inc. 13241300x800000000000000037987Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.199{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000a32b64966830ad0100b29547ca55110200000904\PublisherAmazon Web Services 13241300x800000000000000037986Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\BinProductVersion10.0.60828.0 13241300x800000000000000037985Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\LinkDate12/22/2017 05:08:07 13241300x800000000000000037984Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\Publishermicrosoft corporation 13241300x800000000000000037983Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\LowerCaseLongPathc:\program files\common files\microsoft shared\vsto\10.0\vstoinstaller.exe 13241300x800000000000000037982Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\BinProductVersion10.0.60828.0 13241300x800000000000000037981Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\LinkDate12/22/2017 05:12:25 13241300x800000000000000037980Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\Publishermicrosoft corporation 13241300x800000000000000037979Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\LowerCaseLongPathc:\program files (x86)\common files\microsoft shared\vsto\10.0\vstoinstaller.exe 13241300x800000000000000037978Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.152{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\00008ec035f743c685a78b10837512fd79d000000000\PublisherMicrosoft Corporation 13241300x800000000000000037977Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.089{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\BinProductVersion(Empty) 13241300x800000000000000037976Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.089{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\LinkDate01/01/1970 00:00:00 13241300x800000000000000037975Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.089{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\Publisher(Empty) 13241300x800000000000000037974Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.089{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\LowerCaseLongPathc:\program files\amazon\ssm\ssm-agent-worker.exe 13241300x800000000000000037973Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.089{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000baee2e2803b311fae39811010e5c0b1800000904\PublisherAmazon Web Services 23542300x800000000000000037972Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:15.058{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PG3AN2E5Y1\PresentationFramework.ni.dll.auxMD5=1CD640D915EAE872FC60479FB1991D49,SHA256=4136E63F0E092B2DB0DB99F29185481D5F9CF9273FB96BB33273FC4B8F077704,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000037971Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\BinProductVersion8.2.9.8 13241300x800000000000000037970Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\LinkDate07/08/2020 18:42:42 13241300x800000000000000037969Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\Publisheramazon inc. 13241300x800000000000000037968Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvif\xenvif.sys 13241300x800000000000000037967Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\BinProductVersion8.4.0.11 13241300x800000000000000037966Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\LinkDate01/12/2021 17:17:37 13241300x800000000000000037965Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\Publisheramazon inc. 13241300x800000000000000037964Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xenvbd.sys 13241300x800000000000000037963Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\BinProductVersion8.2.5.32 13241300x800000000000000037962Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\LinkDate11/19/2018 22:01:56 13241300x800000000000000037961Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\Publisheramazon inc. 13241300x800000000000000037960Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xennet\xennet.sys 13241300x800000000000000037959Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\BinProductVersion8.2.7.5 13241300x800000000000000037958Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\LinkDate12/16/2019 19:58:01 13241300x800000000000000037957Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\Publisheramazon inc. 13241300x800000000000000037956Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\xeniface.sys 13241300x800000000000000037955Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\BinProductVersion8.3.0.7 13241300x800000000000000037954Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\LinkDate02/12/2021 02:15:56 13241300x800000000000000037953Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\Publisheramazon inc. 13241300x800000000000000037952Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xenfilt.sys 13241300x800000000000000037951Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\BinProductVersion8.4.0.11 13241300x800000000000000037950Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\LinkDate01/12/2021 17:17:43 13241300x800000000000000037949Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\Publisheramazon inc. 13241300x800000000000000037948Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xendisk.sys|eea975986c3a667d\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xendisk.sys 13241300x800000000000000037947Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\BinProductVersion8.4.0.11 13241300x800000000000000037946Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\LinkDate01/12/2021 17:17:19 13241300x800000000000000037945Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\Publisheramazon inc. 13241300x800000000000000037944Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xencrsh.sys 13241300x800000000000000037943Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\BinProductVersion8.3.0.7 13241300x800000000000000037942Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\LinkDate02/12/2021 02:15:52 13241300x800000000000000037941Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\Publisheramazon inc. 13241300x800000000000000037940Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xenbus.sys 13241300x800000000000000037939Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\BinProductVersion8.3.0.7 13241300x800000000000000037938Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\LinkDate02/12/2021 02:15:39 13241300x800000000000000037937Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\Publisheramazon inc. 13241300x800000000000000037936Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xen.sys 13241300x800000000000000037935Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\BinProductVersion8.2.7.5 13241300x800000000000000037934Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\LinkDate12/16/2019 19:58:07 13241300x800000000000000037933Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\Publisheramazon inc. 13241300x800000000000000037932Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\liteagent.exe 13241300x800000000000000037931Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\BinProductVersion2.1.0.0 13241300x800000000000000037930Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\LinkDate05/23/2009 10:37:17 13241300x800000000000000037929Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\Publishermicrosoft corporation 13241300x800000000000000037928Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvif\dpinst.exe 13241300x800000000000000037927Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\BinProductVersion2.1.0.0 13241300x800000000000000037926Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\LinkDate05/23/2009 10:37:17 13241300x800000000000000037925Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\Publishermicrosoft corporation 13241300x800000000000000037924Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xennet\dpinst.exe 13241300x800000000000000037923Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\BinProductVersion2.1.0.0 13241300x800000000000000037922Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\LinkDate05/23/2009 10:37:17 13241300x800000000000000037921Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\Publishermicrosoft corporation 13241300x800000000000000037920Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\dpinst.exe 13241300x800000000000000037919Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\BinProductVersion2.1.0.0 13241300x800000000000000037918Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\LinkDate05/23/2009 10:37:17 13241300x800000000000000037917Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\Publishermicrosoft corporation 13241300x800000000000000037916Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\dpinst.exe 13241300x800000000000000037915Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\BinProductVersion2.1.0.0 13241300x800000000000000037914Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\LinkDate05/23/2009 10:37:17 13241300x800000000000000037913Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\Publishermicrosoft corporation 13241300x800000000000000037912Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\dpinst.exe 13241300x800000000000000037911Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.011{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000ecb9837aa96085e95a514805c6e0a2b900000904\PublisherAmazon Web Services 13241300x800000000000000037910Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.683{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000c27c9fa19b318e2f294a4ee09334849d00000904\PublisherMicrosoft Corporation 13241300x800000000000000037909Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\BinProductVersion8.1.4.0 13241300x800000000000000037908Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\LinkDate12/15/2018 22:24:36 13241300x800000000000000037907Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\Publisherdon ho don.h@free.fr 13241300x800000000000000037906Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\LowerCaseLongPathc:\program files\notepad++\uninstall.exe 13241300x800000000000000037905Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\notepad++.exe|9b63189e96115672\BinProductVersion8.1.4.0 13241300x800000000000000037904Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\notepad++.exe|9b63189e96115672\LinkDate08/21/2021 11:09:03 13241300x800000000000000037903Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\notepad++.exe|9b63189e96115672\Publisherdon ho don.h@free.fr 13241300x800000000000000037902Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\notepad++.exe|9b63189e96115672\LowerCaseLongPathc:\program files\notepad++\notepad++.exe 13241300x800000000000000037901Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\BinProductVersion5.2.0.0 13241300x800000000000000037900Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\LinkDate05/17/2021 17:20:17 13241300x800000000000000037899Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\Publisherdon ho don.h@free.fr 13241300x800000000000000037898Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\LowerCaseLongPathc:\program files\notepad++\updater\gup.exe 13241300x800000000000000037897Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.605{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\000054df8d81ee28acba540d25903571f45c0000ffff\PublisherNotepad++ Team 13241300x800000000000000037896Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\BinProductVersion1.0.0.0 13241300x800000000000000037895Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\LinkDate12/11/2016 21:50:55 13241300x800000000000000037894Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\Publishermozilla corporation 13241300x800000000000000037893Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\LowerCaseLongPathc:\program files (x86)\mozilla maintenance service\uninstall.exe 13241300x800000000000000037892Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\BinProductVersion92.0.0.7916 13241300x800000000000000037891Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\LinkDate09/04/2021 01:12:55 13241300x800000000000000037890Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\Publishermozilla foundation 13241300x800000000000000037889Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\LowerCaseLongPathc:\program files (x86)\mozilla maintenance service\maintenanceservice.exe 13241300x800000000000000037888Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000d8b5a39e300d252203eba88dad4b9b8f0000ffff\PublisherMozilla 13241300x800000000000000037887Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\BinProductVersion92.0.0.7916 13241300x800000000000000037886Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LinkDate09/04/2021 01:12:24 13241300x800000000000000037885Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\Publishermozilla foundation 13241300x800000000000000037884Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LowerCaseLongPathc:\program files\mozilla firefox\updater.exe 13241300x800000000000000037883Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\BinProductVersion92.0.0.0 13241300x800000000000000037882Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.589{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LinkDate09/04/2021 01:22:57 13241300x800000000000000037881Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\Publishermozilla corporation 13241300x800000000000000037880Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LowerCaseLongPathc:\program files\mozilla firefox\plugin-container.exe 13241300x800000000000000037879Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\BinProductVersion92.0.0.7916 13241300x800000000000000037878Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LinkDate09/04/2021 01:12:56 13241300x800000000000000037877Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\Publishermozilla foundation 13241300x800000000000000037876Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LowerCaseLongPathc:\program files\mozilla firefox\pingsender.exe 13241300x800000000000000037875Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\BinProductVersion92.0.0.7916 13241300x800000000000000037874Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LinkDate09/04/2021 01:12:56 13241300x800000000000000037873Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\Publishermozilla foundation 13241300x800000000000000037872Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LowerCaseLongPathc:\program files\mozilla firefox\minidump-analyzer.exe 13241300x800000000000000037871Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\BinProductVersion1.0.0.0 13241300x800000000000000037870Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LinkDate12/11/2016 21:50:55 13241300x800000000000000037869Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\Publishermozilla corporation 13241300x800000000000000037868Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LowerCaseLongPathc:\program files\mozilla firefox\maintenanceservice_installer.exe 13241300x800000000000000037867Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\BinProductVersion92.0.0.7916 13241300x800000000000000037866Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LinkDate09/04/2021 01:12:55 13241300x800000000000000037865Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\Publishermozilla foundation 13241300x800000000000000037864Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LowerCaseLongPathc:\program files\mozilla firefox\maintenanceservice.exe 13241300x800000000000000037863Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\BinProductVersion1.0.0.0 13241300x800000000000000037862Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\LinkDate12/11/2016 21:50:55 13241300x800000000000000037861Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\Publishermozilla corporation 13241300x800000000000000037860Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\LowerCaseLongPathc:\program files\mozilla firefox\uninstall\helper.exe 13241300x800000000000000037859Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\BinProductVersion92.0.0.0 13241300x800000000000000037858Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LinkDate09/04/2021 01:12:38 13241300x800000000000000037857Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\Publishermozilla corporation 13241300x800000000000000037856Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LowerCaseLongPathc:\program files\mozilla firefox\firefox.exe 13241300x800000000000000037855Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\BinProductVersion92.0.0.7916 13241300x800000000000000037854Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LinkDate09/04/2021 01:15:53 13241300x800000000000000037853Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\Publishermozilla foundation 13241300x800000000000000037852Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.574{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LowerCaseLongPathc:\program files\mozilla firefox\default-browser-agent.exe 13241300x800000000000000037851Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.559{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\BinProductVersion92.0.0.7916 13241300x800000000000000037850Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.559{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LinkDate09/04/2021 01:13:34 13241300x800000000000000037849Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.559{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\Publishermozilla foundation 13241300x800000000000000037848Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.559{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LowerCaseLongPathc:\program files\mozilla firefox\crashreporter.exe 13241300x800000000000000037847Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.559{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000bba421584ad60cf2375ea32da0b18e7f0000ffff\PublisherMozilla 13241300x800000000000000037846Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.511{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ziptool.exe|7269435f129e6e01\BinProductVersion(Empty) 13241300x800000000000000037845Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ziptool.exe|7269435f129e6e01\LinkDate01/01/1970 00:00:00 13241300x800000000000000037844Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ziptool.exe|7269435f129e6e01\Publisher(Empty) 13241300x800000000000000037843Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ziptool.exe|7269435f129e6e01\LowerCaseLongPathc:\program files\git\mingw64\bin\ziptool.exe 13241300x800000000000000037842Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipmerge.exe|13ce9e43b33787b4\BinProductVersion(Empty) 13241300x800000000000000037841Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipmerge.exe|13ce9e43b33787b4\LinkDate01/01/1970 00:00:00 13241300x800000000000000037840Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipmerge.exe|13ce9e43b33787b4\Publisher(Empty) 13241300x800000000000000037839Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipmerge.exe|13ce9e43b33787b4\LowerCaseLongPathc:\program files\git\mingw64\bin\zipmerge.exe 13241300x800000000000000037838Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\BinProductVersion(Empty) 13241300x800000000000000037837Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\LinkDate05/08/2031 18:06:26 13241300x800000000000000037836Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\Publisher(Empty) 13241300x800000000000000037835Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\LowerCaseLongPathc:\program files\git\usr\bin\zipinfo.exe 13241300x800000000000000037834Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipcmp.exe|72e4c18935f10855\BinProductVersion(Empty) 13241300x800000000000000037833Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipcmp.exe|72e4c18935f10855\LinkDate01/01/1970 00:00:00 13241300x800000000000000037832Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipcmp.exe|72e4c18935f10855\Publisher(Empty) 13241300x800000000000000037831Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\zipcmp.exe|72e4c18935f10855\LowerCaseLongPathc:\program files\git\mingw64\bin\zipcmp.exe 13241300x800000000000000037830Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\BinProductVersion(Empty) 13241300x800000000000000037829Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\LinkDate01/01/1970 00:00:00 13241300x800000000000000037828Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\Publisher(Empty) 13241300x800000000000000037827Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\LowerCaseLongPathc:\program files\git\usr\bin\yes.exe 13241300x800000000000000037826Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\BinProductVersion(Empty) 13241300x800000000000000037825Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\LinkDate01/01/1970 00:00:00 13241300x800000000000000037824Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\Publisher(Empty) 13241300x800000000000000037823Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\LowerCaseLongPathc:\program files\git\usr\bin\yat2m.exe 13241300x800000000000000037822Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\BinProductVersion5.2.5.0 13241300x800000000000000037821Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\LinkDate01/01/1970 00:00:00 13241300x800000000000000037820Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\Publisherthe tukaani project <https://tukaani.org/> 13241300x800000000000000037819Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\LowerCaseLongPathc:\program files\git\mingw64\bin\xzdec.exe 13241300x800000000000000037818Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\BinProductVersion5.2.5.0 13241300x800000000000000037817Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\LinkDate01/01/1970 00:00:00 13241300x800000000000000037816Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\Publisherthe tukaani project <https://tukaani.org/> 13241300x800000000000000037815Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\LowerCaseLongPathc:\program files\git\mingw64\bin\xzcat.exe 13241300x800000000000000037814Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\BinProductVersion5.2.5.0 13241300x800000000000000037813Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\LinkDate01/01/1970 00:00:00 13241300x800000000000000037812Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\Publisherthe tukaani project <https://tukaani.org/> 13241300x800000000000000037811Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\LowerCaseLongPathc:\program files\git\mingw64\bin\xz.exe 13241300x800000000000000037810Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\BinProductVersion(Empty) 13241300x800000000000000037809Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\LinkDate01/01/1970 00:00:00 13241300x800000000000000037808Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\Publisher(Empty) 13241300x800000000000000037807Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\LowerCaseLongPathc:\program files\git\usr\bin\xxd.exe 13241300x800000000000000037806Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\BinProductVersion(Empty) 13241300x800000000000000037805Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037804Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\Publisher(Empty) 13241300x800000000000000037803Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\LowerCaseLongPathc:\program files\git\mingw64\bin\xmlwf.exe 13241300x800000000000000037802Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmllint.exe|4edab855de35972b\BinProductVersion(Empty) 13241300x800000000000000037801Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmllint.exe|4edab855de35972b\LinkDate01/01/1970 00:00:00 13241300x800000000000000037800Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.496{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmllint.exe|4edab855de35972b\Publisher(Empty) 13241300x800000000000000037799Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmllint.exe|4edab855de35972b\LowerCaseLongPathc:\program files\git\mingw64\bin\xmllint.exe 13241300x800000000000000037798Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlcatalog.exe|ad3a3f621c028adc\BinProductVersion(Empty) 13241300x800000000000000037797Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlcatalog.exe|ad3a3f621c028adc\LinkDate01/01/1970 00:00:00 13241300x800000000000000037796Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlcatalog.exe|ad3a3f621c028adc\Publisher(Empty) 13241300x800000000000000037795Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xmlcatalog.exe|ad3a3f621c028adc\LowerCaseLongPathc:\program files\git\mingw64\bin\xmlcatalog.exe 13241300x800000000000000037794Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\BinProductVersion(Empty) 13241300x800000000000000037793Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\LinkDate07/19/2029 06:51:46 13241300x800000000000000037792Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\Publisher(Empty) 13241300x800000000000000037791Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\LowerCaseLongPathc:\program files\git\usr\bin\xgettext.exe 13241300x800000000000000037790Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\BinProductVersion(Empty) 13241300x800000000000000037789Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\LinkDate01/01/1970 00:00:00 13241300x800000000000000037788Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\Publisher(Empty) 13241300x800000000000000037787Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\LowerCaseLongPathc:\program files\git\usr\bin\xargs.exe 13241300x800000000000000037786Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|dda5875a0a94e702\BinProductVersion(Empty) 13241300x800000000000000037785Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|dda5875a0a94e702\LinkDate01/01/1970 00:00:00 13241300x800000000000000037784Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|dda5875a0a94e702\Publisher(Empty) 13241300x800000000000000037783Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|dda5875a0a94e702\LowerCaseLongPathc:\program files\git\mingw64\bin\x86_64-w64-mingw32-deflatehd.exe 13241300x800000000000000037782Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|d480e6241e2b429f\BinProductVersion(Empty) 13241300x800000000000000037781Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|d480e6241e2b429f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037780Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|d480e6241e2b429f\Publisher(Empty) 13241300x800000000000000037779Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|d480e6241e2b429f\LowerCaseLongPathc:\program files\git\mingw64\bin\x86_64-w64-mingw32-inflatehd.exe 13241300x800000000000000037778Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\BinProductVersion(Empty) 13241300x800000000000000037777Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\LinkDate01/01/1970 00:00:00 13241300x800000000000000037776Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\Publisher(Empty) 13241300x800000000000000037775Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\LowerCaseLongPathc:\program files\git\mingw64\bin\x86_64-w64-mingw32-agrep.exe 13241300x800000000000000037774Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\BinProductVersion8.6.2.11 13241300x800000000000000037773Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037772Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\Publisheractivestate corporation 13241300x800000000000000037771Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\LowerCaseLongPathc:\program files\git\mingw64\bin\wish86.exe 13241300x800000000000000037770Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\BinProductVersion8.6.2.11 13241300x800000000000000037769Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\LinkDate01/01/1970 00:00:00 13241300x800000000000000037768Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\Publisheractivestate corporation 13241300x800000000000000037767Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.480{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\LowerCaseLongPathc:\program files\git\mingw64\bin\wish.exe 13241300x800000000000000037766Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\BinProductVersion(Empty) 13241300x800000000000000037765Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\LinkDate11/17/2017 22:11:01 13241300x800000000000000037764Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\Publisher(Empty) 13241300x800000000000000037763Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\LowerCaseLongPathc:\program files\git\mingw64\bin\wintoast.exe 13241300x800000000000000037762Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\BinProductVersion(Empty) 13241300x800000000000000037761Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\LinkDate06/19/2025 15:30:53 13241300x800000000000000037760Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\Publisher(Empty) 13241300x800000000000000037759Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\LowerCaseLongPathc:\program files\git\usr\bin\winpty.exe 13241300x800000000000000037758Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\BinProductVersion(Empty) 13241300x800000000000000037757Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\LinkDate05/08/2031 18:06:26 13241300x800000000000000037756Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\Publisher(Empty) 13241300x800000000000000037755Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\LowerCaseLongPathc:\program files\git\usr\bin\winpty-debugserver.exe 13241300x800000000000000037754Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\BinProductVersion(Empty) 13241300x800000000000000037753Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\LinkDate05/08/2031 18:06:26 13241300x800000000000000037752Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\Publisher(Empty) 13241300x800000000000000037751Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\LowerCaseLongPathc:\program files\git\usr\bin\winpty-agent.exe 13241300x800000000000000037750Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\BinProductVersion(Empty) 13241300x800000000000000037749Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\LinkDate01/01/1970 00:00:00 13241300x800000000000000037748Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\Publisher(Empty) 13241300x800000000000000037747Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\LowerCaseLongPathc:\program files\git\mingw64\bin\whouses.exe 13241300x800000000000000037746Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\BinProductVersion(Empty) 13241300x800000000000000037745Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\LinkDate01/01/1970 00:00:00 13241300x800000000000000037744Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\Publisher(Empty) 13241300x800000000000000037743Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\LowerCaseLongPathc:\program files\git\usr\bin\whoami.exe 13241300x800000000000000037742Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\BinProductVersion(Empty) 13241300x800000000000000037741Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\LinkDate01/01/1970 00:00:00 13241300x800000000000000037740Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\Publisher(Empty) 13241300x800000000000000037739Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\LowerCaseLongPathc:\program files\git\usr\bin\who.exe 13241300x800000000000000037738Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\BinProductVersion(Empty) 13241300x800000000000000037737Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\LinkDate01/02/1970 12:24:32 13241300x800000000000000037736Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\Publisher(Empty) 13241300x800000000000000037735Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\LowerCaseLongPathc:\program files\git\usr\bin\which.exe 13241300x800000000000000037734Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\BinProductVersion(Empty) 13241300x800000000000000037733Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\LinkDate01/01/1970 00:00:00 13241300x800000000000000037732Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\Publisher(Empty) 13241300x800000000000000037731Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\LowerCaseLongPathc:\program files\git\usr\bin\wc.exe 13241300x800000000000000037730Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\BinProductVersion(Empty) 13241300x800000000000000037729Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\LinkDate01/01/1970 00:00:00 13241300x800000000000000037728Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\Publisher(Empty) 13241300x800000000000000037727Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\LowerCaseLongPathc:\program files\git\usr\bin\watchgnupg.exe 13241300x800000000000000037726Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\BinProductVersion(Empty) 13241300x800000000000000037725Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037724Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\Publisher(Empty) 13241300x800000000000000037723Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\LowerCaseLongPathc:\program files\git\usr\bin\vimdiff.exe 13241300x800000000000000037722Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\BinProductVersion(Empty) 13241300x800000000000000037721Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\LinkDate01/01/1970 00:00:00 13241300x800000000000000037720Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\Publisher(Empty) 13241300x800000000000000037719Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\LowerCaseLongPathc:\program files\git\usr\bin\vim.exe 13241300x800000000000000037718Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\BinProductVersion(Empty) 13241300x800000000000000037717Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\LinkDate01/01/1970 00:00:00 13241300x800000000000000037716Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\Publisher(Empty) 13241300x800000000000000037715Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\LowerCaseLongPathc:\program files\git\usr\bin\view.exe 13241300x800000000000000037714Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\BinProductVersion(Empty) 13241300x800000000000000037713Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037712Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\Publisher(Empty) 13241300x800000000000000037711Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\LowerCaseLongPathc:\program files\git\usr\bin\vdir.exe 13241300x800000000000000037710Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\BinProductVersion(Empty) 13241300x800000000000000037709Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\LinkDate01/01/1970 00:00:00 13241300x800000000000000037708Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.464{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\Publisher(Empty) 13241300x800000000000000037707Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\LowerCaseLongPathc:\program files\git\usr\bin\users.exe 13241300x800000000000000037706Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\BinProductVersion(Empty) 13241300x800000000000000037705Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\LinkDate06/19/2025 15:30:53 13241300x800000000000000037704Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\Publisher(Empty) 13241300x800000000000000037703Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\LowerCaseLongPathc:\program files\git\usr\lib\gettext\urlget.exe 13241300x800000000000000037702Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\BinProductVersion(Empty) 13241300x800000000000000037701Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\LinkDate05/08/2031 18:06:26 13241300x800000000000000037700Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\Publisher(Empty) 13241300x800000000000000037699Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\LowerCaseLongPathc:\program files\git\usr\bin\unzipsfx.exe 13241300x800000000000000037698Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\BinProductVersion(Empty) 13241300x800000000000000037697Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\LinkDate05/08/2031 18:06:26 13241300x800000000000000037696Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\Publisher(Empty) 13241300x800000000000000037695Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\LowerCaseLongPathc:\program files\git\usr\bin\unzip.exe 13241300x800000000000000037694Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\BinProductVersion5.2.5.0 13241300x800000000000000037693Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\LinkDate01/01/1970 00:00:00 13241300x800000000000000037692Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\Publisherthe tukaani project <https://tukaani.org/> 13241300x800000000000000037691Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\LowerCaseLongPathc:\program files\git\mingw64\bin\unxz.exe 13241300x800000000000000037690Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\BinProductVersion(Empty) 13241300x800000000000000037689Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037688Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\Publisher(Empty) 13241300x800000000000000037687Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\LowerCaseLongPathc:\program files\git\usr\bin\unlink.exe 13241300x800000000000000037686Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\BinProductVersion(Empty) 13241300x800000000000000037685Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\LinkDate01/01/1970 00:00:00 13241300x800000000000000037684Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\Publisher(Empty) 13241300x800000000000000037683Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\LowerCaseLongPathc:\program files\git\usr\bin\unix2mac.exe 13241300x800000000000000037682Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\BinProductVersion(Empty) 13241300x800000000000000037681Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\LinkDate01/01/1970 00:00:00 13241300x800000000000000037680Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\Publisher(Empty) 13241300x800000000000000037679Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\LowerCaseLongPathc:\program files\git\usr\bin\unix2dos.exe 13241300x800000000000000037678Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\BinProductVersion(Empty) 13241300x800000000000000037677Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\LinkDate01/01/1970 00:00:00 13241300x800000000000000037676Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\Publisher(Empty) 13241300x800000000000000037675Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\LowerCaseLongPathc:\program files\git\usr\bin\uniq.exe 13241300x800000000000000037674Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\BinProductVersion2.33.0.2 13241300x800000000000000037673Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\LinkDate11/15/2020 09:48:32 13241300x800000000000000037672Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\Publisherthe git development community 13241300x800000000000000037671Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\LowerCaseLongPathc:\program files\git\unins000.exe 13241300x800000000000000037670Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\BinProductVersion(Empty) 13241300x800000000000000037669Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037668Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\Publisher(Empty) 13241300x800000000000000037667Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\LowerCaseLongPathc:\program files\git\usr\bin\unexpand.exe 13241300x800000000000000037666Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\BinProductVersion(Empty) 13241300x800000000000000037665Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037664Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\Publisher(Empty) 13241300x800000000000000037663Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\LowerCaseLongPathc:\program files\git\usr\bin\uname.exe 13241300x800000000000000037662Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\BinProductVersion(Empty) 13241300x800000000000000037661Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\LinkDate03/26/2021 22:24:41 13241300x800000000000000037660Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\Publisher(Empty) 13241300x800000000000000037659Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\LowerCaseLongPathc:\program files\git\usr\bin\umount.exe 13241300x800000000000000037658Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.449{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\BinProductVersion(Empty) 13241300x800000000000000037657Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037656Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\Publisher(Empty) 13241300x800000000000000037655Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\LowerCaseLongPathc:\program files\git\usr\bin\u2d.exe 13241300x800000000000000037654Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\BinProductVersion(Empty) 13241300x800000000000000037653Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\LinkDate03/26/2021 22:24:41 13241300x800000000000000037652Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\Publisher(Empty) 13241300x800000000000000037651Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\LowerCaseLongPathc:\program files\git\usr\bin\tzset.exe 13241300x800000000000000037650Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\BinProductVersion(Empty) 13241300x800000000000000037649Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\LinkDate01/01/1970 00:00:00 13241300x800000000000000037648Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\Publisher(Empty) 13241300x800000000000000037647Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\LowerCaseLongPathc:\program files\git\usr\bin\tty.exe 13241300x800000000000000037646Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\BinProductVersion(Empty) 13241300x800000000000000037645Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037644Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\Publisher(Empty) 13241300x800000000000000037643Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\LowerCaseLongPathc:\program files\git\usr\bin\tsort.exe 13241300x800000000000000037642Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\BinProductVersion(Empty) 13241300x800000000000000037641Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\LinkDate01/01/1970 00:00:00 13241300x800000000000000037640Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\Publisher(Empty) 13241300x800000000000000037639Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\LowerCaseLongPathc:\program files\git\usr\bin\tset.exe 13241300x800000000000000037638Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\BinProductVersion(Empty) 13241300x800000000000000037637Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\LinkDate01/01/1970 00:00:00 13241300x800000000000000037636Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\Publisher(Empty) 13241300x800000000000000037635Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\LowerCaseLongPathc:\program files\git\usr\bin\trust.exe 13241300x800000000000000037634Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\BinProductVersion(Empty) 13241300x800000000000000037633Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037632Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\Publisher(Empty) 13241300x800000000000000037631Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\LowerCaseLongPathc:\program files\git\usr\bin\truncate.exe 13241300x800000000000000037630Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\BinProductVersion(Empty) 13241300x800000000000000037629Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\LinkDate01/01/1970 00:00:00 13241300x800000000000000037628Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\Publisher(Empty) 13241300x800000000000000037627Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\LowerCaseLongPathc:\program files\git\usr\bin\true.exe 13241300x800000000000000037626Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\BinProductVersion(Empty) 13241300x800000000000000037625Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\LinkDate01/01/1970 00:00:00 13241300x800000000000000037624Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\Publisher(Empty) 13241300x800000000000000037623Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\LowerCaseLongPathc:\program files\git\usr\bin\tr.exe 13241300x800000000000000037622Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\BinProductVersion(Empty) 13241300x800000000000000037621Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\LinkDate01/01/1970 00:00:00 13241300x800000000000000037620Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\Publisher(Empty) 13241300x800000000000000037619Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\LowerCaseLongPathc:\program files\git\usr\bin\tput.exe 13241300x800000000000000037618Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\BinProductVersion(Empty) 13241300x800000000000000037617Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\LinkDate01/01/1970 00:00:00 13241300x800000000000000037616Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\Publisher(Empty) 13241300x800000000000000037615Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\LowerCaseLongPathc:\program files\git\usr\bin\touch.exe 13241300x800000000000000037614Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\BinProductVersion(Empty) 13241300x800000000000000037613Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\LinkDate01/01/1970 00:00:00 13241300x800000000000000037612Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\Publisher(Empty) 13241300x800000000000000037611Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\LowerCaseLongPathc:\program files\git\usr\bin\toe.exe 13241300x800000000000000037610Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\BinProductVersion(Empty) 13241300x800000000000000037609Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037608Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\Publisher(Empty) 13241300x800000000000000037607Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\LowerCaseLongPathc:\program files\git\usr\bin\timeout.exe 13241300x800000000000000037606Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\BinProductVersion(Empty) 13241300x800000000000000037605Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\LinkDate01/01/1970 00:00:00 13241300x800000000000000037604Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\Publisher(Empty) 13241300x800000000000000037603Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\LowerCaseLongPathc:\program files\git\usr\bin\tig.exe 13241300x800000000000000037602Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\BinProductVersion(Empty) 13241300x800000000000000037601Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037600Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\Publisher(Empty) 13241300x800000000000000037599Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\LowerCaseLongPathc:\program files\git\usr\bin\tic.exe 13241300x800000000000000037598Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\BinProductVersion(Empty) 13241300x800000000000000037597Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037596Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\Publisher(Empty) 13241300x800000000000000037595Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\LowerCaseLongPathc:\program files\git\usr\bin\test.exe 13241300x800000000000000037594Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\BinProductVersion(Empty) 13241300x800000000000000037593Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037592Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\Publisher(Empty) 13241300x800000000000000037591Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\LowerCaseLongPathc:\program files\git\usr\bin\tee.exe 13241300x800000000000000037590Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\BinProductVersion8.6.2.11 13241300x800000000000000037589Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\LinkDate01/01/1970 00:00:00 13241300x800000000000000037588Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\Publisheractivestate corporation 13241300x800000000000000037587Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\LowerCaseLongPathc:\program files\git\mingw64\bin\tclsh86.exe 13241300x800000000000000037586Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\BinProductVersion8.6.2.11 13241300x800000000000000037585Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\LinkDate01/01/1970 00:00:00 13241300x800000000000000037584Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\Publisheractivestate corporation 13241300x800000000000000037583Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\LowerCaseLongPathc:\program files\git\mingw64\bin\tclsh.exe 13241300x800000000000000037582Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\BinProductVersion(Empty) 13241300x800000000000000037581Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037580Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\Publisher(Empty) 13241300x800000000000000037579Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\LowerCaseLongPathc:\program files\git\usr\bin\tar.exe 13241300x800000000000000037578Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\BinProductVersion(Empty) 13241300x800000000000000037577Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037576Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\Publisher(Empty) 13241300x800000000000000037575Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\LowerCaseLongPathc:\program files\git\usr\bin\tail.exe 13241300x800000000000000037574Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\BinProductVersion(Empty) 13241300x800000000000000037573Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037572Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\Publisher(Empty) 13241300x800000000000000037571Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\LowerCaseLongPathc:\program files\git\usr\bin\tac.exe 13241300x800000000000000037570Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\BinProductVersion(Empty) 13241300x800000000000000037569Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037568Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\Publisher(Empty) 13241300x800000000000000037567Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\LowerCaseLongPathc:\program files\git\usr\bin\tabs.exe 13241300x800000000000000037566Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\BinProductVersion(Empty) 13241300x800000000000000037565Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\LinkDate01/01/1970 00:00:00 13241300x800000000000000037564Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\Publisher(Empty) 13241300x800000000000000037563Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\LowerCaseLongPathc:\program files\git\usr\bin\sync.exe 13241300x800000000000000037562Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\BinProductVersion(Empty) 13241300x800000000000000037561Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\LinkDate01/01/1970 00:00:00 13241300x800000000000000037560Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\Publisher(Empty) 13241300x800000000000000037559Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\LowerCaseLongPathc:\program files\git\usr\bin\sum.exe 13241300x800000000000000037558Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\BinProductVersion(Empty) 13241300x800000000000000037557Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\LinkDate01/01/1970 00:00:00 13241300x800000000000000037556Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\Publisher(Empty) 13241300x800000000000000037555Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\LowerCaseLongPathc:\program files\git\usr\bin\stty.exe 13241300x800000000000000037554Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\BinProductVersion(Empty) 13241300x800000000000000037553Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\LinkDate03/26/2021 22:24:41 13241300x800000000000000037552Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\Publisher(Empty) 13241300x800000000000000037551Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\LowerCaseLongPathc:\program files\git\usr\bin\strace.exe 13241300x800000000000000037550Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\BinProductVersion(Empty) 13241300x800000000000000037549Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\LinkDate01/01/1970 00:00:00 13241300x800000000000000037548Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\Publisher(Empty) 13241300x800000000000000037547Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\LowerCaseLongPathc:\program files\git\usr\bin\stat.exe 13241300x800000000000000037546Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\BinProductVersion(Empty) 13241300x800000000000000037545Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\LinkDate03/26/2021 22:24:41 13241300x800000000000000037544Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\Publisher(Empty) 13241300x800000000000000037543Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\LowerCaseLongPathc:\program files\git\usr\bin\ssp.exe 13241300x800000000000000037542Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\BinProductVersion(Empty) 13241300x800000000000000037541Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\LinkDate01/01/1970 00:00:00 13241300x800000000000000037540Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\Publisher(Empty) 13241300x800000000000000037539Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\LowerCaseLongPathc:\program files\git\usr\bin\sshd.exe 13241300x800000000000000037538Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\BinProductVersion(Empty) 13241300x800000000000000037537Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037536Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\Publisher(Empty) 13241300x800000000000000037535Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\LowerCaseLongPathc:\program files\git\usr\bin\ssh.exe 13241300x800000000000000037534Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\BinProductVersion(Empty) 13241300x800000000000000037533Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\LinkDate01/01/1970 00:00:00 13241300x800000000000000037532Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\Publisher(Empty) 13241300x800000000000000037531Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\LowerCaseLongPathc:\program files\git\usr\lib\ssh\ssh-sk-helper.exe 13241300x800000000000000037530Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\BinProductVersion(Empty) 13241300x800000000000000037529Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\LinkDate01/01/1970 00:00:00 13241300x800000000000000037528Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\Publisher(Empty) 13241300x800000000000000037527Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\LowerCaseLongPathc:\program files\git\usr\lib\ssh\ssh-pkcs11-helper.exe 13241300x800000000000000037526Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\BinProductVersion(Empty) 13241300x800000000000000037525Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037524Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\Publisher(Empty) 13241300x800000000000000037523Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\LowerCaseLongPathc:\program files\git\usr\bin\ssh-pageant.exe 13241300x800000000000000037522Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\BinProductVersion(Empty) 13241300x800000000000000037521Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\LinkDate01/01/1970 00:00:00 13241300x800000000000000037520Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\Publisher(Empty) 13241300x800000000000000037519Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\LowerCaseLongPathc:\program files\git\usr\lib\ssh\ssh-keysign.exe 13241300x800000000000000037518Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\BinProductVersion(Empty) 13241300x800000000000000037517Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\LinkDate01/01/1970 00:00:00 13241300x800000000000000037516Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\Publisher(Empty) 13241300x800000000000000037515Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\LowerCaseLongPathc:\program files\git\usr\bin\ssh-keyscan.exe 13241300x800000000000000037514Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\BinProductVersion(Empty) 13241300x800000000000000037513Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037512Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\Publisher(Empty) 13241300x800000000000000037511Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\LowerCaseLongPathc:\program files\git\usr\bin\ssh-keygen.exe 13241300x800000000000000037510Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\BinProductVersion(Empty) 13241300x800000000000000037509Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037508Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\Publisher(Empty) 13241300x800000000000000037507Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\LowerCaseLongPathc:\program files\git\usr\bin\ssh-agent.exe 13241300x800000000000000037506Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\BinProductVersion(Empty) 13241300x800000000000000037505Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\LinkDate01/01/1970 00:00:00 13241300x800000000000000037504Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\Publisher(Empty) 13241300x800000000000000037503Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\LowerCaseLongPathc:\program files\git\usr\bin\ssh-add.exe 13241300x800000000000000037502Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\BinProductVersion(Empty) 13241300x800000000000000037501Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\LinkDate01/01/1970 00:00:00 13241300x800000000000000037500Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\Publisher(Empty) 13241300x800000000000000037499Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\LowerCaseLongPathc:\program files\git\usr\bin\split.exe 13241300x800000000000000037498Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\BinProductVersion(Empty) 13241300x800000000000000037497Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.433{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\LinkDate01/01/1970 00:00:00 13241300x800000000000000037496Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\Publisher(Empty) 13241300x800000000000000037495Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\LowerCaseLongPathc:\program files\git\usr\bin\sort.exe 13241300x800000000000000037494Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\BinProductVersion(Empty) 13241300x800000000000000037493Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\LinkDate01/01/1970 00:00:00 13241300x800000000000000037492Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\Publisher(Empty) 13241300x800000000000000037491Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\LowerCaseLongPathc:\program files\git\usr\bin\sleep.exe 13241300x800000000000000037490Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\BinProductVersion(Empty) 13241300x800000000000000037489Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\LinkDate01/01/1970 00:00:00 13241300x800000000000000037488Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\Publisher(Empty) 13241300x800000000000000037487Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\LowerCaseLongPathc:\program files\git\usr\bin\shuf.exe 13241300x800000000000000037486Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\BinProductVersion(Empty) 13241300x800000000000000037485Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\LinkDate01/01/1970 00:00:00 13241300x800000000000000037484Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\Publisher(Empty) 13241300x800000000000000037483Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\LowerCaseLongPathc:\program files\git\usr\bin\shred.exe 13241300x800000000000000037482Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\BinProductVersion(Empty) 13241300x800000000000000037481Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\LinkDate01/01/1970 00:00:00 13241300x800000000000000037480Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\Publisher(Empty) 13241300x800000000000000037479Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\LowerCaseLongPathc:\program files\git\usr\bin\sha512sum.exe 13241300x800000000000000037478Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\BinProductVersion(Empty) 13241300x800000000000000037477Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037476Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\Publisher(Empty) 13241300x800000000000000037475Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\LowerCaseLongPathc:\program files\git\usr\bin\sha384sum.exe 13241300x800000000000000037474Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\BinProductVersion(Empty) 13241300x800000000000000037473Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\LinkDate01/01/1970 00:00:00 13241300x800000000000000037472Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\Publisher(Empty) 13241300x800000000000000037471Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\LowerCaseLongPathc:\program files\git\usr\bin\sha256sum.exe 13241300x800000000000000037470Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\BinProductVersion(Empty) 13241300x800000000000000037469Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\LinkDate01/01/1970 00:00:00 13241300x800000000000000037468Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\Publisher(Empty) 13241300x800000000000000037467Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\LowerCaseLongPathc:\program files\git\usr\bin\sha224sum.exe 13241300x800000000000000037466Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\BinProductVersion(Empty) 13241300x800000000000000037465Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037464Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\Publisher(Empty) 13241300x800000000000000037463Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\LowerCaseLongPathc:\program files\git\usr\bin\sha1sum.exe 13241300x800000000000000037462Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\BinProductVersion2.33.0.2 13241300x800000000000000037461Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\LinkDate08/24/2021 10:09:53 13241300x800000000000000037460Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\Publisherthe git development community 13241300x800000000000000037459Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\LowerCaseLongPathc:\program files\git\bin\sh.exe 13241300x800000000000000037458Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\BinProductVersion(Empty) 13241300x800000000000000037457Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\LinkDate12/04/2018 10:21:15 13241300x800000000000000037456Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\Publisher(Empty) 13241300x800000000000000037455Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\LowerCaseLongPathc:\program files\git\usr\bin\sh.exe 13241300x800000000000000037454Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\BinProductVersion(Empty) 13241300x800000000000000037453Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\LinkDate01/01/1970 00:00:00 13241300x800000000000000037452Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\Publisher(Empty) 13241300x800000000000000037451Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\LowerCaseLongPathc:\program files\git\usr\bin\sftp.exe 13241300x800000000000000037450Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\BinProductVersion(Empty) 13241300x800000000000000037449Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\LinkDate01/01/1970 00:00:00 13241300x800000000000000037448Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\Publisher(Empty) 13241300x800000000000000037447Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\LowerCaseLongPathc:\program files\git\usr\lib\ssh\sftp-server.exe 13241300x800000000000000037446Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\BinProductVersion(Empty) 13241300x800000000000000037445Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\LinkDate01/01/1970 00:00:00 13241300x800000000000000037444Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\Publisher(Empty) 13241300x800000000000000037443Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\LowerCaseLongPathc:\program files\git\mingw64\bin\sexp-conv.exe 13241300x800000000000000037442Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\BinProductVersion(Empty) 13241300x800000000000000037441Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\LinkDate01/01/1970 00:00:00 13241300x800000000000000037440Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\Publisher(Empty) 13241300x800000000000000037439Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\LowerCaseLongPathc:\program files\git\usr\bin\sexp-conv.exe 13241300x800000000000000037438Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\BinProductVersion(Empty) 13241300x800000000000000037437Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\LinkDate03/26/2021 22:24:40 13241300x800000000000000037436Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\Publisher(Empty) 13241300x800000000000000037435Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\LowerCaseLongPathc:\program files\git\usr\bin\setmetamode.exe 13241300x800000000000000037434Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\BinProductVersion(Empty) 13241300x800000000000000037433Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\LinkDate03/26/2021 22:24:40 13241300x800000000000000037432Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\Publisher(Empty) 13241300x800000000000000037431Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\LowerCaseLongPathc:\program files\git\usr\bin\setfacl.exe 13241300x800000000000000037430Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\BinProductVersion(Empty) 13241300x800000000000000037429Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037428Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\Publisher(Empty) 13241300x800000000000000037427Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\LowerCaseLongPathc:\program files\git\usr\bin\seq.exe 13241300x800000000000000037426Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\BinProductVersion(Empty) 13241300x800000000000000037425Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037424Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\Publisher(Empty) 13241300x800000000000000037423Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\LowerCaseLongPathc:\program files\git\usr\bin\sed.exe 13241300x800000000000000037422Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\BinProductVersion(Empty) 13241300x800000000000000037421Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\LinkDate01/01/1970 00:00:00 13241300x800000000000000037420Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\Publisher(Empty) 13241300x800000000000000037419Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\LowerCaseLongPathc:\program files\git\usr\bin\sdiff.exe 13241300x800000000000000037418Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\BinProductVersion(Empty) 13241300x800000000000000037417Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\LinkDate01/01/1970 00:00:00 13241300x800000000000000037416Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\Publisher(Empty) 13241300x800000000000000037415Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\LowerCaseLongPathc:\program files\git\usr\bin\scp.exe 13241300x800000000000000037414Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\BinProductVersion(Empty) 13241300x800000000000000037413Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\LinkDate01/01/1970 00:00:00 13241300x800000000000000037412Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\Publisher(Empty) 13241300x800000000000000037411Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\scdaemon.exe 13241300x800000000000000037410Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\BinProductVersion(Empty) 13241300x800000000000000037409Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\LinkDate01/01/1970 00:00:00 13241300x800000000000000037408Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\Publisher(Empty) 13241300x800000000000000037407Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\LowerCaseLongPathc:\program files\git\usr\bin\rvim.exe 13241300x800000000000000037406Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\BinProductVersion(Empty) 13241300x800000000000000037405Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037404Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\Publisher(Empty) 13241300x800000000000000037403Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\LowerCaseLongPathc:\program files\git\usr\bin\rview.exe 13241300x800000000000000037402Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\BinProductVersion(Empty) 13241300x800000000000000037401Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\LinkDate01/01/1970 00:00:00 13241300x800000000000000037400Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\Publisher(Empty) 13241300x800000000000000037399Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\LowerCaseLongPathc:\program files\git\usr\bin\runcon.exe 13241300x800000000000000037398Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\BinProductVersion(Empty) 13241300x800000000000000037397Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037396Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\Publisher(Empty) 13241300x800000000000000037395Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\LowerCaseLongPathc:\program files\git\usr\bin\rnano.exe 13241300x800000000000000037394Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\BinProductVersion(Empty) 13241300x800000000000000037393Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\LinkDate01/01/1970 00:00:00 13241300x800000000000000037392Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\Publisher(Empty) 13241300x800000000000000037391Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\LowerCaseLongPathc:\program files\git\usr\lib\tar\rmt.exe 13241300x800000000000000037390Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\BinProductVersion(Empty) 13241300x800000000000000037389Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\LinkDate01/01/1970 00:00:00 13241300x800000000000000037388Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\Publisher(Empty) 13241300x800000000000000037387Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\LowerCaseLongPathc:\program files\git\usr\bin\rmdir.exe 13241300x800000000000000037386Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\BinProductVersion(Empty) 13241300x800000000000000037385Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\LinkDate01/01/1970 00:00:00 13241300x800000000000000037384Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\Publisher(Empty) 13241300x800000000000000037383Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\LowerCaseLongPathc:\program files\git\usr\bin\rm.exe 13241300x800000000000000037382Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\BinProductVersion(Empty) 13241300x800000000000000037381Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\LinkDate01/01/1970 00:00:00 13241300x800000000000000037380Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\Publisher(Empty) 13241300x800000000000000037379Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\LowerCaseLongPathc:\program files\git\usr\bin\reset.exe 13241300x800000000000000037378Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\BinProductVersion(Empty) 13241300x800000000000000037377Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\LinkDate03/26/2021 22:24:40 13241300x800000000000000037376Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\Publisher(Empty) 13241300x800000000000000037375Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\LowerCaseLongPathc:\program files\git\usr\bin\regtool.exe 13241300x800000000000000037374Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\BinProductVersion(Empty) 13241300x800000000000000037373Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\LinkDate06/19/2025 15:30:53 13241300x800000000000000037372Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\Publisher(Empty) 13241300x800000000000000037371Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\LowerCaseLongPathc:\program files\git\usr\bin\recode-sr-latin.exe 13241300x800000000000000037370Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\BinProductVersion(Empty) 13241300x800000000000000037369Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\LinkDate01/01/1970 00:00:00 13241300x800000000000000037368Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\Publisher(Empty) 13241300x800000000000000037367Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\LowerCaseLongPathc:\program files\git\usr\bin\rebase.exe 13241300x800000000000000037366Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\BinProductVersion(Empty) 13241300x800000000000000037365Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\LinkDate01/01/1970 00:00:00 13241300x800000000000000037364Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\Publisher(Empty) 13241300x800000000000000037363Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\LowerCaseLongPathc:\program files\git\usr\bin\realpath.exe 13241300x800000000000000037362Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\BinProductVersion(Empty) 13241300x800000000000000037361Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\LinkDate01/01/1970 00:00:00 13241300x800000000000000037360Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\Publisher(Empty) 13241300x800000000000000037359Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\LowerCaseLongPathc:\program files\git\usr\bin\readlink.exe 13241300x800000000000000037358Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\BinProductVersion(Empty) 13241300x800000000000000037357Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\LinkDate01/01/1970 00:00:00 13241300x800000000000000037356Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\Publisher(Empty) 13241300x800000000000000037355Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\LowerCaseLongPathc:\program files\git\usr\bin\pwd.exe 13241300x800000000000000037354Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\BinProductVersion(Empty) 13241300x800000000000000037353Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\LinkDate01/01/1970 00:00:00 13241300x800000000000000037352Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\Publisher(Empty) 13241300x800000000000000037351Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\LowerCaseLongPathc:\program files\git\usr\lib\awk\pwcat.exe 13241300x800000000000000037350Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\BinProductVersion(Empty) 13241300x800000000000000037349Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\LinkDate01/01/1970 00:00:00 13241300x800000000000000037348Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\Publisher(Empty) 13241300x800000000000000037347Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\LowerCaseLongPathc:\program files\git\usr\bin\ptx.exe 13241300x800000000000000037346Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\BinProductVersion(Empty) 13241300x800000000000000037345Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\LinkDate01/01/1970 00:00:00 13241300x800000000000000037344Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\Publisher(Empty) 13241300x800000000000000037343Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\LowerCaseLongPathc:\program files\git\usr\bin\psl.exe 13241300x800000000000000037342Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\BinProductVersion(Empty) 13241300x800000000000000037341Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\LinkDate03/26/2021 22:24:40 13241300x800000000000000037340Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\Publisher(Empty) 13241300x800000000000000037339Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\LowerCaseLongPathc:\program files\git\usr\bin\ps.exe 13241300x800000000000000037338Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\BinProductVersion(Empty) 13241300x800000000000000037337Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\LinkDate01/01/1970 00:00:00 13241300x800000000000000037336Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\Publisher(Empty) 13241300x800000000000000037335Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\LowerCaseLongPathc:\program files\git\mingw64\bin\proxy-lookup.exe 13241300x800000000000000037334Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\BinProductVersion(Empty) 13241300x800000000000000037333Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\LinkDate01/01/1970 00:00:00 13241300x800000000000000037332Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\Publisher(Empty) 13241300x800000000000000037331Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\LowerCaseLongPathc:\program files\git\usr\bin\printf.exe 13241300x800000000000000037330Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\BinProductVersion(Empty) 13241300x800000000000000037329Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\LinkDate01/01/1970 00:00:00 13241300x800000000000000037328Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.417{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\Publisher(Empty) 13241300x800000000000000037327Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\LowerCaseLongPathc:\program files\git\usr\bin\printenv.exe 13241300x800000000000000037326Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\BinProductVersion(Empty) 13241300x800000000000000037325Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\LinkDate01/01/1970 00:00:00 13241300x800000000000000037324Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\Publisher(Empty) 13241300x800000000000000037323Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\LowerCaseLongPathc:\program files\git\usr\bin\pr.exe 13241300x800000000000000037322Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\BinProductVersion(Empty) 13241300x800000000000000037321Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\LinkDate01/01/1970 00:00:00 13241300x800000000000000037320Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\Publisher(Empty) 13241300x800000000000000037319Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\LowerCaseLongPathc:\program files\git\usr\bin\pluginviewer.exe 13241300x800000000000000037318Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\BinProductVersion(Empty) 13241300x800000000000000037317Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\LinkDate03/26/2021 22:24:40 13241300x800000000000000037316Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\Publisher(Empty) 13241300x800000000000000037315Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\LowerCaseLongPathc:\program files\git\usr\bin\pldd.exe 13241300x800000000000000037314Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\BinProductVersion(Empty) 13241300x800000000000000037313Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\LinkDate01/01/1970 00:00:00 13241300x800000000000000037312Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\Publisher(Empty) 13241300x800000000000000037311Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\LowerCaseLongPathc:\program files\git\mingw64\bin\pkcs1-conv.exe 13241300x800000000000000037310Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\BinProductVersion(Empty) 13241300x800000000000000037309Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\LinkDate01/01/1970 00:00:00 13241300x800000000000000037308Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\Publisher(Empty) 13241300x800000000000000037307Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\LowerCaseLongPathc:\program files\git\usr\bin\pkcs1-conv.exe 13241300x800000000000000037306Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\BinProductVersion(Empty) 13241300x800000000000000037305Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\LinkDate01/01/1970 00:00:00 13241300x800000000000000037304Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\Publisher(Empty) 13241300x800000000000000037303Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\LowerCaseLongPathc:\program files\git\usr\bin\pinky.exe 13241300x800000000000000037302Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\BinProductVersion(Empty) 13241300x800000000000000037301Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\LinkDate01/01/1970 00:00:00 13241300x800000000000000037300Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\Publisher(Empty) 13241300x800000000000000037299Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\LowerCaseLongPathc:\program files\git\usr\bin\pinentry.exe 13241300x800000000000000037298Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\BinProductVersion(Empty) 13241300x800000000000000037297Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\LinkDate01/01/1970 00:00:00 13241300x800000000000000037296Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\Publisher(Empty) 13241300x800000000000000037295Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\LowerCaseLongPathc:\program files\git\usr\bin\pinentry-w32.exe 13241300x800000000000000037294Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl5.34.0.exe|163b76b108d3f013\BinProductVersion(Empty) 13241300x800000000000000037293Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl5.34.0.exe|163b76b108d3f013\LinkDate01/01/1970 00:00:00 13241300x800000000000000037292Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl5.34.0.exe|163b76b108d3f013\Publisher(Empty) 13241300x800000000000000037291Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl5.34.0.exe|163b76b108d3f013\LowerCaseLongPathc:\program files\git\usr\bin\perl5.34.0.exe 13241300x800000000000000037290Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\BinProductVersion(Empty) 13241300x800000000000000037289Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\LinkDate01/01/1970 00:00:00 13241300x800000000000000037288Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\Publisher(Empty) 13241300x800000000000000037287Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\LowerCaseLongPathc:\program files\git\usr\bin\perl.exe 13241300x800000000000000037286Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\BinProductVersion(Empty) 13241300x800000000000000037285Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\LinkDate01/01/1970 00:00:00 13241300x800000000000000037284Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\Publisher(Empty) 13241300x800000000000000037283Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\LowerCaseLongPathc:\program files\git\mingw64\bin\pdftotext.exe 13241300x800000000000000037282Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\BinProductVersion(Empty) 13241300x800000000000000037281Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:14.402{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\LinkDate01/01/1970 00:00:00 13241300x800000000000000013430Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:42:16.366{625C326B-67EE-613B-1300-00000000F101}368C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7a652-0x0cd7088c) 23542300x800000000000000013429Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:16.163{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA7655FF3427BD03B0E5B27F8C122F45,SHA256=35FF24FCA329FE34A8A1C84C4B2A19BECFCB4288D225023D521B43B48DE35255,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038105Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.855{7BD73061-6EC9-613B-1B07-00000000F001}49882128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038104Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.730{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Q2MFXXO1IW\System.Web.ni.dll.auxMD5=83B0819F19853C14765B24B1AD811ABC,SHA256=24231188EFF9EBADA282616086E59934ECD0A180EACC8CBA3A623AE1026052BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038103Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.714{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Q2MFXXO1IW\System.Web.ni.dllMD5=5AD420742C2665182250F7D95FF74A76,SHA256=7A8D4B30B8FF51570A614F387F29715B80B2BBC4C7BB4213062AD17DDA698C4A,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000038102Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6EC9-613B-1B07-00000000F001}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038101Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038100Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038099Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038098Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038097Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6EC9-613B-1B07-00000000F001}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038096Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.667{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6EC9-613B-1B07-00000000F001}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038095Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.668{7BD73061-6EC9-613B-1B07-00000000F001}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013431Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:17.194{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F5C847D7CA7357596E54253CC36570,SHA256=01E03276F096A0E70636076E6745512084049408B0F85562CB6C4537891D3325,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038094Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.089{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PYJA7OW6LL\System.Transactions.ni.dll.auxMD5=67EA7579FBE5D95C014B695402882EE0,SHA256=02A0F13F1E4E2882F3F1298FD9F09EDC0DF787CB503D2929A7536ABCE64D90FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038093Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.089{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PYJA7OW6LL\System.Transactions.ni.dllMD5=0111D3A2E533281DC6DD7C981CB8CAA1,SHA256=600DE357800878318E9B1C166BF9402EACA737CADBAB9ADCB7FDF8BBA6C67030,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038092Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:17.074{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PL1HU7TT90\System.Numerics.ni.dll.auxMD5=D4AF447AE12A5806CB93B8D78E283140,SHA256=09DBF9D69C0FA8722ED60CCB128241D63E23DBAAC1AC0C3406136024ECC0EEC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038091Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:16.917{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PL1HU7TT90\System.Numerics.ni.dllMD5=5FF3E0606A26FD5CED8795E64BD23991,SHA256=3100FEDE83BB1EF84518D4DDF9344F0FA72E1797C5934D4BDC3C0473463C8693,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038090Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:16.808{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80800CE14E1F44B7DC466330B1ABEE3D,SHA256=704F84D84E57912EE74E808412B5249D49E68BC151856D374BCF309524B9A542,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000038089Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:16.167{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\00009f5f5dfd4a45c41ca3cc66cde00fdef500000904\PublisherAmazon Web Services Developer Relations 13241300x800000000000000038088Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vc_redist.x64.ex|b72113d8ab25b2ea\BinProductVersion14.28.29913.0 13241300x800000000000000038087Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vc_redist.x64.ex|b72113d8ab25b2ea\LinkDate11/18/2017 21:37:28 13241300x800000000000000038086Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vc_redist.x64.ex|b72113d8ab25b2ea\Publishermicrosoft corporation 13241300x800000000000000038085Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\vc_redist.x64.ex|b72113d8ab25b2ea\LowerCaseLongPathc:\programdata\package cache\{855e31d2-9031-46e1-b06d-c9d7777deefb}\vc_redist.x64.exe 13241300x800000000000000038084Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.355{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000a0119b997e1ff1f405659fca10378fff0000ffff\PublisherMicrosoft Corporation 13241300x800000000000000038083Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\amazonssmagentse|7ad37428994638e7\BinProductVersion3.0.1181.0 13241300x800000000000000038082Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\amazonssmagentse|7ad37428994638e7\LinkDate05/01/2017 14:33:52 13241300x800000000000000038081Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\amazonssmagentse|7ad37428994638e7\Publisheramazon web services 13241300x800000000000000038080Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\amazonssmagentse|7ad37428994638e7\LowerCaseLongPathc:\programdata\package cache\{51cee651-095c-4e85-b3e4-59bbff234360}\amazonssmagentsetup.exe 13241300x800000000000000038079Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.339{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000baee2e2803b311fae39811010e5c0b180000ffff\PublisherAmazon Web Services 13241300x800000000000000038078Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\aws-cfn-bootstra|65c81b6df64de18d\BinProductVersion2.0.6.0 13241300x800000000000000038077Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\aws-cfn-bootstra|65c81b6df64de18d\LinkDate09/17/2019 05:33:38 13241300x800000000000000038076Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\aws-cfn-bootstra|65c81b6df64de18d\Publisheramazon web services 13241300x800000000000000038075Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\aws-cfn-bootstra|65c81b6df64de18d\LowerCaseLongPathc:\programdata\package cache\{09259595-ce26-4705-b47e-59d9e3ccebb9}\aws-cfn-bootstrap-bundle.exe 13241300x800000000000000038074Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\0000a32b64966830ad0100b29547ca5511020000ffff\PublisherAmazon Web Services 13241300x800000000000000038073Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.324{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplication\00000bc19da022eb94eca75a727b615c201e00000904\PublisherMicrosoft Corporation 13241300x800000000000000038072Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\BinProductVersion(Empty) 13241300x800000000000000038071Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\LinkDate01/10/2020 01:30:07 13241300x800000000000000038070Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\Publisher(Empty) 13241300x800000000000000038069Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\srm.exe|928901d4ccf4225c\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\srm.exe 13241300x800000000000000038068Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\BinProductVersion10.0.10011.16384 13241300x800000000000000038067Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LinkDate10/02/2019 17:37:14 13241300x800000000000000038066Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000038065Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkmonitornohandledrv.sys 13241300x800000000000000038064Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinProductVersion10.0.10011.16384 13241300x800000000000000038063Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LinkDate10/02/2019 17:37:08 13241300x800000000000000038062Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Publisherwindows (r) win 7 ddk provider 13241300x800000000000000038061Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkdrv.sys 13241300x800000000000000038060Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\BinProductVersion2048.512.24125.32311 13241300x800000000000000038059Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\LinkDate02/07/2020 15:26:19 13241300x800000000000000038058Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\Publishersplunk inc. 13241300x800000000000000038057Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkd.exe 13241300x800000000000000038056Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\BinProductVersion2048.512.24125.32311 13241300x800000000000000038055Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\LinkDate02/07/2020 15:13:21 13241300x800000000000000038054Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\Publishersplunk inc. 13241300x800000000000000038053Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk.exe 13241300x800000000000000038052Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\BinProductVersion2048.512.24125.32311 13241300x800000000000000038051Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\LinkDate02/07/2020 15:24:43 13241300x800000000000000038050Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\Publishersplunk inc. 13241300x800000000000000038049Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-wmi.exe 13241300x800000000000000038048Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\BinProductVersion2048.512.24125.32311 13241300x800000000000000038047Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\LinkDate02/07/2020 15:19:24 13241300x800000000000000038046Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\Publishersplunk inc. 13241300x800000000000000038045Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winprintmon.exe 13241300x800000000000000038044Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\BinProductVersion2048.512.24125.32311 13241300x800000000000000038043Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\LinkDate02/07/2020 15:19:16 13241300x800000000000000038042Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\Publishersplunk inc. 13241300x800000000000000038041Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winhostinfo.exe 13241300x800000000000000038040Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\BinProductVersion2048.512.24125.32311 13241300x800000000000000038039Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\LinkDate02/07/2020 15:18:57 13241300x800000000000000038038Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PubSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\Publishersplunk inc. 13241300x800000000000000038037Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-PathSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-winevtlog|d8125e0c86684fca\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winevtlog.exe 13241300x800000000000000038036Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-VerSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\BinProductVersion2048.512.24125.32311 13241300x800000000000000038035Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.localInvDB-CompileTimeClaimSetValue2021-09-10 14:42:15.277{7BD73061-6EB6-613B-1907-00000000F001}6620C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{1a038503-3218-d821-aac7-04bc27d90010}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\LinkDate02/07/2020 15:19:10 23542300x800000000000000038134Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.980{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXL4YWDM1H\System.ServiceProcess.ni.dll.auxMD5=FB48CBD15429C7B1F9A14E82CDF8B24D,SHA256=E11D297738EB6EFD68E74B919FC25F124C6CC4AE3E1C7595BB224BF4567C30FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038133Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.980{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXL4YWDM1H\System.ServiceProcess.ni.dllMD5=52E1C1642839FB780CD29C337867C549,SHA256=5823F6CC6549B5FE1FDFF03DCF1B95DFAFDE9D381C04D3C8F5BDCC636A053E54,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038132Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.964{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QSGIT28P8A\System.Xml.ni.dll.auxMD5=6A7FCA88EB093FE1BB082E272AC2421D,SHA256=A5950FA568159B35AA8963997DB039E0CCBABC8668001E24B0E8E7B05467B0DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038131Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.964{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QSGIT28P8A\System.Xml.ni.dllMD5=D2D51896FC97FC53362B468BA49EEE3A,SHA256=D42A3DE02488863E75FAED49C251D958F8C26CC2F523ACA01D0F0CAC4052F78C,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000038130Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6ECA-613B-1D07-00000000F001}6292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038129Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038128Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038127Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038126Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038125Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6ECA-613B-1D07-00000000F001}6292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038124Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.870{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6ECA-613B-1D07-00000000F001}6292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038123Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.872{7BD73061-6ECA-613B-1D07-00000000F001}6292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038122Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.730{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QGHMUB8IBD\System.ni.dll.auxMD5=4C4FFFC3E154C905C9C643845FCE328A,SHA256=1F43D99B3935FB07CC6C6340C832C92C43495F06826C07A01FEBF4BF1E97336B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038121Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.730{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QGHMUB8IBD\System.ni.dllMD5=78947C49BA92424CC6AA6E8CD6D1CB3A,SHA256=4123DF564E230E74A1AB0AB44271D9B033898AE5F9BD741BB3C914D6F1D539C7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000013432Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:18.225{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D08F692DBFECDFC074FCF4F1BAF9172,SHA256=E2E2B507852A00E496FA47CBA0B438803B2CFC3C5A4A4307BD863E72BAAE6B72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038120Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.683{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4897FD67D0FB4727400275E9DB7511E1,SHA256=87D0635B5DF2D950C60465111141903FE560B2EBE973092F05F6038039CEBE02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038119Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.683{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84373834E4F6A7CBF03AE81371680062,SHA256=E2A81A7FA4309D9DC9ADE30B4686A457C2AA6D485D28FCD22EE224DD95AE2EEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038118Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.355{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Q5MF3AYVTA\System.ServiceModel.ni.dll.auxMD5=D9EA29F8B3C587F8A388E2C44AF446DD,SHA256=61515EE0004F0BA51135A47837FFBCC51EC1417BF6C4D10BDB1F4DA6E2C17F64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038117Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.355{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Q5MF3AYVTA\System.ServiceModel.ni.dllMD5=72297374A83EFE1E568D5F1AA1B4E748,SHA256=0C5281E6416D4F9EEE59F1CAA2C737DB472DEBC0A7F15B038484A51AD2D9634A,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000038116Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6ECA-613B-1C07-00000000F001}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038115Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038114Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038113Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038112Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038111Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6ECA-613B-1C07-00000000F001}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038110Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.339{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6ECA-613B-1C07-00000000F001}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038109Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.340{7BD73061-6ECA-613B-1C07-00000000F001}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000038108Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:15.569{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59191-false10.0.1.12-8000- 23542300x800000000000000038107Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.058{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A1B610B3769ADE5DAF0739CFFBB0AFA,SHA256=2416C513D54E3A5A0DD813AE09B4E5B1854229061FA72443CA4A0536B06E1A9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038106Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:18.011{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1616F36816AD33E750E735AB9BCAC610,SHA256=A8D4C92CC0C3E8F96F24D18D3A25A85294BB0CFA847CD04FD6D0A2D5853DA0A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038150Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.949{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RFANI0AIQZ\System.ni.dll.auxMD5=9651A4D69D091A91F7509B493895084C,SHA256=7F97FFC6DBCF14DEF386747D99B2204F6C0BE9C123F585888BF0BC23B424155B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038149Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.949{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RFANI0AIQZ\System.ni.dllMD5=0D511A145E1BEFBF8048E4958B18EF8C,SHA256=5B4E622B50F3659A09BC10F7047FB5AECD568565E358232DBD8B85B615F42FB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038148Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.886{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4897FD67D0FB4727400275E9DB7511E1,SHA256=87D0635B5DF2D950C60465111141903FE560B2EBE973092F05F6038039CEBE02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038147Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.855{7BD73061-6ECB-613B-1E07-00000000F001}59126876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038146Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.809{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FDC1068CCE41B5DD1B04045BB154BCA,SHA256=EC9066909DABE637472E469E62D89B48E32EEC1456B077FB819D237DC684A800,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013433Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:19.225{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A5451413976FDE28B1032E12061ED69,SHA256=4039897D0C491D1FBCF1B8A0499D17DE65EDAEE6C1DD93BAB057D695158EE1C6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038145Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6ECB-613B-1E07-00000000F001}5912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038144Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038143Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038142Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038141Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038140Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6ECB-613B-1E07-00000000F001}5912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038139Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.542{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6ECB-613B-1E07-00000000F001}5912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038138Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.543{7BD73061-6ECB-613B-1E07-00000000F001}5912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038137Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.386{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXUP2CX6WS\System.ni.dll.auxMD5=0ABA8EE4C96771CD3B6CD56A2DA9CBF6,SHA256=9C26CAC4A3E0C19DF4928C90F5F36A2D5AA689905B7AF3E9A7CBA5B925753D0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038136Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.386{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXUP2CX6WS\System.ni.dllMD5=FC806E761F72F4A41798B08766D9DB13,SHA256=1B6FB65CE6BCF66CE1BFC0BE58F06DD2949012D03BF79CE67EB35A20A5460839,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038135Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:19.199{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=944E357C06B2C7DBDACDA214E976610B,SHA256=F74B9E605A3545D6B18EA49038E1F32296491EF629BAFA9A1FDE22A5F79BCCA9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038180Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.982{7BD73061-6ECC-613B-2007-00000000F001}70366240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000013434Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:20.241{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FAF776E46F3C7ECCA03BD07B2756FCB,SHA256=37DC6B3EA255B2C0DC4091C003186AB8B836CCCF3EC48E391295435BD7CC1931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038179Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.934{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SE93RZEWOY\System.ni.dll.auxMD5=02AA118D8E3C67485AE986D7809E5813,SHA256=B90C0DD717587FAB26AE04FAA85FAB8119FF23CDD5596A954BC5E660BB3EB1CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038178Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.919{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SE93RZEWOY\System.ni.dllMD5=6D7E9BF18E21AD794AF893EBB009E6A7,SHA256=837C8E670276112124615988CF0B655B6202FD2F351A34F56A7159AF12C4855A,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000038177Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6ECC-613B-2007-00000000F001}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038176Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038175Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038174Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038173Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038172Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6ECC-613B-2007-00000000F001}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038171Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.714{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6ECC-613B-2007-00000000F001}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038170Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.715{7BD73061-6ECC-613B-2007-00000000F001}7036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038169Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.495{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\S28N7JUG56\System.ServiceModel.Channels.ni.dll.auxMD5=24C96490414503BD6F9A89910E524FE6,SHA256=90368670D86C6D23108DEFB97877396DB68D63E4C13B11C6F482519FD387661B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038168Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.495{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\S28N7JUG56\System.ServiceModel.Channels.ni.dllMD5=0B906FCE3A311AB81C8EBEA00FD629F0,SHA256=E7F372A1C2CF8BDA12DBD0860F3562D207689D5C6BECCE0015EF5CA97E7649E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038167Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.495{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RWWS0XEEX8\System.Management.ni.dll.auxMD5=3C0E46C45BCF91E9607FCCE8F2EB1153,SHA256=8B62160D2B2016E7615E19AF407C52A66A6AB89F6AA48255F39D85AD826A6391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038166Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.480{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RWWS0XEEX8\System.Management.ni.dllMD5=ED030D562E600AD124F818C0F59AE89D,SHA256=5080BE95FA9CA821324B2094792AE5A473F1CFBC38E20209EFDC3E775D054CE4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038165Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RTNTAJ5QYG\System.Xml.Linq.ni.dll.auxMD5=CCF15A1A5478AD4C9A6C5EAC3B4EDB1D,SHA256=80C7E515F2F30459C447E0C663804F04B2325BC9F6246CC881B933FFF502A2BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038164Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RTNTAJ5QYG\System.Xml.Linq.ni.dllMD5=01675F7E454CEA910CBAEB0A7D4BF59F,SHA256=0F6DF0E70167F51DABB0B82E921D337094D2833E91B72BF4BE15756F8E49DA88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038163Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.402{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RLJ402KVPV\Microsoft.CSharp.ni.dll.auxMD5=4F6E2CF657AB3C20B463DF7873DF8594,SHA256=F609CD67B4E59BCAEA6C8472B314A28DCF1872AA6EE9113BF399F45726EB4F5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038162Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.402{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RLJ402KVPV\Microsoft.CSharp.ni.dllMD5=5F895695883F631A993A0F8F582807B3,SHA256=1C785DA125A9DF9516988A97E44348DB77186BA39EFF3C7F82E5391505B61CC8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038161Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.355{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RK5K12ZZVI\System.Data.ni.dll.auxMD5=AD2C4453E59EB7892FA2CC4ABD0A7E7C,SHA256=DE2C69FD102FE3E1072F2FA0F3FB9625D65E9059393B2664F5D464A7E3FEA7BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038160Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.355{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RK5K12ZZVI\System.Data.ni.dllMD5=504A4880B14625199F3F1AEFCCE6B202,SHA256=3F6D6E89B2EBE19C15EDBC2E78B8BE32178FDB37A8C1DB5A46DB8A76701910EF,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000038159Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.277{7BD73061-6ECC-613B-1F07-00000000F001}68206804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038158Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6ECC-613B-1F07-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038157Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038156Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038155Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038154Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6ECC-613B-1F07-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038153Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038152Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.042{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6ECC-613B-1F07-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038151Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:20.043{7BD73061-6ECC-613B-1F07-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013436Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:21.241{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7ED51E8BD70DAF615E809688B1A91312,SHA256=05F344595E6DEC26D9045BAF5C6A0456BE61DA894B5226BEBAE98F951C96FF6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038202Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.933{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SUK77Z1XOM\System.Drawing.ni.dll.auxMD5=DCEFC8B9CB7245B90F2A6AA4084A0F71,SHA256=3760AFB996B9C1860A13167C3DA5FD6B019EE185076145A71387745DC8DA24A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038201Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.933{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SUK77Z1XOM\System.Drawing.ni.dllMD5=E8956B039DFD94E1EDBD129DE56F3F2D,SHA256=1DAC647C4642EB0A13A5135BCAF254A30E477CD5DF6BD7DF978F2065CAF5BFE2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038200Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.808{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SU6BGTV8II\System.Management.ni.dll.auxMD5=FE20915E753A6B48C1D7C978C1AFF282,SHA256=D66CA48589CA1B1CCCDFDE70ECB6B57B258A0962DA308809DD46E0F4ABEC0D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038199Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.808{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SU6BGTV8II\System.Management.ni.dllMD5=A2398F5CDEEC4226380CB620C5D180D8,SHA256=4007C9B8A5360D49CD4DA98D262DA539AD790AA13CA54712757441B1C56F2980,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038198Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.745{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SQ7M0TZAP9\System.Management.ni.dll.auxMD5=A1123A272EA45D0BE152C0EEBD6784E2,SHA256=5B0E627B5F7CFC5A685543302698C7882E396403C78E13DE7A7443221A86F536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038197Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.730{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SQ7M0TZAP9\System.Management.ni.dllMD5=1EE419429DFC6FD092EA7828ED535BFB,SHA256=66C905BB59A36F4F0D862B6C9C7125C212BCD31DC12821EEB4B7B72994CAA787,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038196Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.608{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SNLOKA1ZYO\System.Core.ni.dll.auxMD5=68F3E83339872D673C61BCDADE513017,SHA256=25ECE5E7917FE392F280C93C69EA441333898E738D28AE8C2F578E364ED7DA77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038195Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.608{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SNLOKA1ZYO\System.Core.ni.dllMD5=E993EA2898B9C9812D58FFE1AE84E74B,SHA256=28BB8495AE0284A1262A0A7F02F222498059917F05A973937589A60F9C8A23E2,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000038194Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6ECD-613B-2107-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038193Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038192Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038191Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038190Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-65B2-613B-0C00-00000000F001}8364488C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038189Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6ECD-613B-2107-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038188Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.589{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6ECD-613B-2107-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038187Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.590{7BD73061-6ECD-613B-2107-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038186Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.449{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1E511610815C1D4422FC286D3E16B355,SHA256=03BF6A3F45671B9E7B5859E7B9EA8B17CCEFB29D9B174CC9C51865C1E9678790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038185Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.449{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0E8B6D030F8E64789834667C470B97BF,SHA256=A6007B60EA5F9593FC95FA5123D539AECD5A879B8A539743FA1E7FC23494546E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038184Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.277{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SG3QQYR109\System.Core.ni.dll.auxMD5=9C2C1DF16379BF958B0D67E0B3610AE4,SHA256=AFBE99A8170E89F98A87750E88CC02E6E9B7B6E188CA47043EB1B64C68FA0B0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038183Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.277{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SG3QQYR109\System.Core.ni.dllMD5=E0408356E6103FCD924AC2285DC1C885,SHA256=0D45CD52A92CB9B17E8931E21B3183C8605255624264C10BF9B5AB5FF14D8D0D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038182Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.058{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=23FCB63410467724BD30BB977406FB11,SHA256=1B02B3D09359A4334AC87A0FD9F492770536EFBCC5226F9C47AA2576606B7107,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038181Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.042{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD5971AEBD179C2E4C5F1786FB559228,SHA256=AB04AA726B2BFFAA8C27BFEE7D6E7F311472EAED84D8AB7136F3F7550C287D15,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013435Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:19.525{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50091-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013437Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:22.257{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D18B4289F6B8A03987BAB2761A066296,SHA256=65E57D1D00CA984FB9B1AD13A1213F3CCC6D56A321E98543525EA5AB6596ACC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038210Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.980{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T7DUA2RN2I\System.ni.dll.auxMD5=97D37AFB390992CE3C6F1D4E1112CAA5,SHA256=E9BE5584192A17CDF882242AB2C104E2A185B276E589F81AEC50663E4BA6F881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038209Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.980{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T7DUA2RN2I\System.ni.dllMD5=709A692740777021A1BC08A50B61C807,SHA256=AD85D06B3912A64986318D87202BDCAD748D6E68E3B693D37459EF9874889CCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038208Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.636{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=662C8E6A9E6696DEF7FCC1940BB75DED,SHA256=CDBB9417E3EFC62FD4253119BC01D492BB2DB03951BEE89BD419FD605A11ED4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038207Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.574{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T35SMSC9NL\System.Core.ni.dll.auxMD5=F17814BA3A499E75D25D8600316A312E,SHA256=83B003AF767D928434650744A536BB23C6BEB46D3D16DD964DBE77382A1EADC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038206Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.574{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T35SMSC9NL\System.Core.ni.dllMD5=BABB1248300114458CE418D687F12C45,SHA256=2C4CF0E399747B3A28FAF4BED3A5DB80E1B32E39A1F6AD1A24DCEB2F4BDBD731,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038205Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.137{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SWWQ6AOVGJ\System.Xml.ni.dll.auxMD5=E01ABDE7405B6917FD52CBCECEDFB15C,SHA256=73DEA8197F091277613BAAFEDBE37A4231410291B5AFABAC8D6907407482215B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038204Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.137{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SWWQ6AOVGJ\System.Xml.ni.dllMD5=5F6EA5E77659D339DC666E0BCCD7B0FB,SHA256=D03C42DCD3565491379E0C0940E60507EB8B28F6FAC705F98D68A788AA31F8C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038203Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:22.027{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=438B5045392884F9985AE1002A606D76,SHA256=7E5AE1C8BAC2EDA268DC9ACE45FB250F0BA109E2562DACB6FDC3DC3C684FC99A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013438Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:23.397{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF3EF4CD557BB80E0F88335D92E45681,SHA256=42F48B98C3304F2CF274E1D801948BF18544C7DB40506078FAE9E211A3418FB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038217Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.667{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TREBLZ8848\System.Transactions.ni.dll.auxMD5=345B032FDAB64413D929BFBDE26FDCD7,SHA256=2071BD12C470F01C83E6EFFBADF7E960568551E140259A99309F9CFF8BE70FAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038216Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.667{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TREBLZ8848\System.Transactions.ni.dllMD5=CD8B06DACE1AE70F053FB67F75439D1A,SHA256=0D78871A1A1AFA2B8AE0A97E0D781565C2014C1A4C687D3731557233DD0684C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038215Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.652{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TKH0RXDAYQ\System.Drawing.ni.dll.auxMD5=6C52FA11480271A7CA24597B93F7BB04,SHA256=61F5983290D91AB3DF009F8C874FA8FE2746C9AB30195650831EE3035CB71CCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038214Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.652{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TKH0RXDAYQ\System.Drawing.ni.dllMD5=C0CD3B953E9ADDA2C2CA1B521CAC444A,SHA256=792530B90A2559951E4A2DBECBE5B4B3FDC08CB4140A89FC252E49C9FD342359,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038213Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.621{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TGY81KS0Z5\System.ni.dll.auxMD5=7A44EFFA7DCC91B7C5544BE94DCAB99B,SHA256=82430CD1974781DDBA8E3229219F17123658865551FEC8BC2D4290A1B5106A91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038212Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.621{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TGY81KS0Z5\System.ni.dllMD5=D52C7EE4CFB46F754E22E0C2A47AE1F7,SHA256=70C0BF60131A45390406D3C461BEE5C0449868CD3E9B41A89FD5808F16D9516E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038211Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:23.058{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DEA7F0ECD56894E47A9005915DE4DC2,SHA256=2D66544C294D93FAF76748461D50AD6F8DDA2E45C98B015279F5DE9CBA1EC535,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013439Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:24.413{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E7F8CB2876D50A736BDCCF9DB11F499,SHA256=872F7B7FE0EC039F40A23856F85C96FC9538E033F16F55BB574A1EEA70016D63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038228Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.605{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UD49G3NY52\System.Core.ni.dll.auxMD5=4D66BF5119D58A48BD3F7A7AD7354010,SHA256=131D289921A8DADB218DF0D0E67B3EF964AD315171A92823D7FF5B7881E1CA98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038227Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.605{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UD49G3NY52\System.Core.ni.dllMD5=2A6660246DC3C48C26515DC456C27404,SHA256=3A9DE09DE10C5F9F3A1D3B49FEF7A50181275A29E7A6B909E2850D80DD736457,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000038226Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:21.506{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59192-false10.0.1.12-8000- 23542300x800000000000000038225Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.339{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U97084HOD2\CustomMarshalers.ni.dll.auxMD5=1B8DC30D3E1603C9DFC6045DE267AF71,SHA256=9760764A3E526F12D9481D6A6D9590E737DDEDFAB481D8ECB2296CB32C0DF0AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038224Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.339{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U97084HOD2\CustomMarshalers.ni.dllMD5=53F371A0174862A68DC878FBC0D61266,SHA256=9FB938EC3F9D66E64AD525DE4F30CF27153A929044D64DBB8874CE5B01F8697F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038223Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.324{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0PIT4VXCM\System.IO.Compression.ni.dll.auxMD5=41EEBA98CCE6653861F4C0A7CE5DABB0,SHA256=30029B1A6AB901F5296117A11EF64E86D2CD12CDE5513326A8322C7389B31923,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038222Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.324{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0PIT4VXCM\System.IO.Compression.ni.dllMD5=222717FF5E045032C8546855A709602C,SHA256=A51C561900046AC9B7FA831C5499459E234999D2E48F326ECC85A94FC5E5C193,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038221Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.324{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0MLKMHPO2\System.Web.ni.dll.auxMD5=3BF11075FF377DABD00295A10B159897,SHA256=06CD7958ED343C21E2B632F48856453AB2FDB59C7C3B82D30FC94BE485E62884,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038220Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.308{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0MLKMHPO2\System.Web.ni.dllMD5=A0A7A24BBB1337F0F402CA464D0270CF,SHA256=7A6208DE8BAF9327E0195E456E67B16729EACB4BF7CB6D9CD1C9A79F58B1F2FC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038219Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.089{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B398AB33DE61100560FCEBC195A25E5B,SHA256=9F91DC096819082EF568D7E1695475E958E19BFB2C0BB14B28DD084F03B51652,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038218Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:24.011{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1E511610815C1D4422FC286D3E16B355,SHA256=03BF6A3F45671B9E7B5859E7B9EA8B17CCEFB29D9B174CC9C51865C1E9678790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038239Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.839{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VOKV399A76\System.Numerics.ni.dll.auxMD5=EB049ABA5517841C734115079F8BD603,SHA256=2877312EFE8951A61700B5A8981F42E506060308E5D402F8E5FC7F879EDAC5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038238Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.839{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VOKV399A76\System.Numerics.ni.dllMD5=D282D2158C31BBF5B31EE855F7B15EC7,SHA256=72E1074D33DC23AB1D680257B353F3C2210E1C9095D3284570DC678FA3E93907,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038237Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.824{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VGSM4TUE6Y\System.Configuration.ni.dll.auxMD5=EA64890856D84601CF0F15F8F925876E,SHA256=BC3CBF89983AF4F608D30A0FA34FB62C3F716BF7B77DAF65A806DD567D4EEA24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038236Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.824{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VGSM4TUE6Y\System.Configuration.ni.dllMD5=7C4B6B49CBB1C3DBAA853BD4E51B378B,SHA256=91DE196C16599FE3164E02F877E74D5F2526AC8C0B8DFDDD3A07D072654E8E98,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038235Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.761{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VFP45VJMS1\System.ni.dll.auxMD5=9DB501C48DC60DBFB5B0DEA1779EE47C,SHA256=A0D973D80250931A6FB9EE13DF0B860E736D456AEA631120A0012B15DAA98562,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038234Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.761{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VFP45VJMS1\System.ni.dllMD5=250BD9B205730F5DAA6260EEF61B4390,SHA256=E2ED60C97B5D4342A06BE98C8930413714AE287B8E678833C0A81DF457D20101,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038233Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.292{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\V6PJ8FVQ98\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038232Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.292{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\V6PJ8FVQ98\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038231Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.277{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UDREXPIV9W\PresentationFramework.ni.dll.auxMD5=8F1FD4778E91747A58145154E17EA5AF,SHA256=5F51126070FAC3B2FE9EFFC6F556531FCF6A24E2CDABA5256662A878DFC9E787,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038230Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.277{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UDREXPIV9W\PresentationFramework.ni.dllMD5=4EB0ACB2849F125982D53B74DBA06226,SHA256=BAB44F496D0350D8D73DD0CC0D493CC1C5F26C6A4959F50CBBDA7560E58A220E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038229Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:25.120{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFF4873518CB34D1014DAD2D44AEC69B,SHA256=9E0A79AE166D9362E0C66CFAFA7BC8B9A50C82E69C51245059D24405C2CA5D51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013440Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:25.428{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD72730C32A0798F1AFD8FB90F56FA19,SHA256=5C535834B61CCEBDD2C449C8ECFB4405C7A74B22F91107A10C5F50C95379AB3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038258Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.933{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WPILUDZPG6\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038257Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.933{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WPILUDZPG6\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038256Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.886{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WLMOZX3B9O\System.ni.dll.auxMD5=FD6DE591D3545BD3186DE631F46BB80B,SHA256=D9B496E22C03C6FE99055B4F3BE41057867B2190F6032B0E7B386988E37046C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038255Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.886{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WLMOZX3B9O\System.ni.dllMD5=94AE45817D7A11DB2165BC6DF4997AD3,SHA256=45879B1C723A5AE6F9577A9BC99A145C15487C5CD4FF456EEDBCC87403041C9A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038254Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WKZTAV0AK0\System.Numerics.ni.dll.auxMD5=1964D64FF04708A0CF5838B9DF1E6988,SHA256=30E5029EC1D69530F1631F056368F3DB0F87DFFCA5C3E7C0D8F81706B0BFE044,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038253Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WKZTAV0AK0\System.Numerics.ni.dllMD5=8E902B0115147C7B7399AC6133CFD38D,SHA256=D4DF764B7FA01B0EAFF612668AFA401B6BBE251A7F89E3B9D935479EF6259E43,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038252Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WIAV2QPVKF\System.DirectoryServices.ni.dll.auxMD5=91B2F2790B225E9B80B1642A87D19DA5,SHA256=F23B64863222A016CF4439EEDC90057CFEC21BC75A0D7D8118CE8996F42E8B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038251Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.449{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WIAV2QPVKF\System.DirectoryServices.ni.dllMD5=EB699F153BF3322C608FA8EC593641AC,SHA256=C88E1D58C19711E2951ACAD7EFB6D6F420D52D13C93B77B4E80B36396EB5AF10,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038250Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.386{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WFQN4O5QK0\System.Xml.ni.dll.auxMD5=0065E7A8A8E46E486B81AF49DEDC3662,SHA256=16EC780118ECB011D545094DA54471D9E80EEEBFD7B6FC6CC36C0950B74782BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038249Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.386{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WFQN4O5QK0\System.Xml.ni.dllMD5=AE3813D8498A050E3F1C35361CBB502B,SHA256=D6ADECF0D79D00DE226C5558372C5A2AE2F662F9A9F0BAAB1CAE8FCCB77A525A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038248Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.136{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B0EC69DDF9B92E51CAAC025F3883600,SHA256=B1D5133AEB38AD9DE32463066E298F38E5B80BC3DD494F062132090320B67D9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038247Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.136{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W50MXUJNJZ\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013441Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:26.444{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=096999534F810DE7269E18A3C747AD88,SHA256=6600BBB4E4215C5DBD2332E46FBFE777BFBB9655BCD2060E3E8399E6D5E1A2E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038246Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.120{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W50MXUJNJZ\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038245Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.120{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W1OTATR3BA\UIAutomationClient.ni.dll.auxMD5=49EEFA3688F97076A8DC47723F5C4845,SHA256=D64824E803DF08D47FB0EC670C5695F98C0B58A6537ECE77006412EB6785766A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038244Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.120{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W1OTATR3BA\UIAutomationClient.ni.dllMD5=1C08FF101FAAAFADEFC6F118ADE6297B,SHA256=126D05D508BAC0D8FBCC8E6863A936B443B5A47E03A34F956F0514918A00D001,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038243Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.105{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W0SJHH1P9V\System.Numerics.ni.dll.auxMD5=FC4A9B25E8155BEA4F2BAD2E9934B186,SHA256=E75825CDB00102013ED61BA8DC72868336265A7A43AFE27482A839A08E34DE0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038242Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.105{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W0SJHH1P9V\System.Numerics.ni.dllMD5=0302AAD9C6C6C01BDD78B04909FF39FC,SHA256=EF8E4770CE7024DDF0796A901E32C0D76F1ABD6508ECF24129A56EB18CC7C677,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038241Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.105{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VX4BCJ2LB7\System.Xml.ni.dll.auxMD5=040DE208CE1EB5D0024CE936E00E3392,SHA256=33953292338BFB6EE2756974051377A824A6C6DA3BA533A3FBA6D86218957BEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038240Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:26.089{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VX4BCJ2LB7\System.Xml.ni.dllMD5=6644706835E5D443B9822C53AED1B87C,SHA256=14CFCA3962038FEEFF28F93571BDA791D9DAF2FB8E34C066E027DBEF1D07F5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000013443Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:27.460{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2FC49155EB54A8355DB5C8F82E4B75D,SHA256=F8A3C9EA46636990C0B051CDFB31F159115235128F51F16924A5F8A6B0CD506C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038267Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.949{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XEFBNA36PH\System.Configuration.Install.ni.dll.auxMD5=5A370DF59B981781F12A7F3A37D66361,SHA256=110B34A25634C7C5EFD6242F5A78BB129C5DB3A8F7BCD745233898DF3B63153B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038266Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.949{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XEFBNA36PH\System.Configuration.Install.ni.dllMD5=BB79E90A6CDC752EC6FA8D004D881F82,SHA256=094F1E63ED0E7041F3C57AADFEA670CE53997439B064C4C5802CE19434004860,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038265Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.917{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XAOAEWYN6S\System.ni.dll.auxMD5=97D37AFB390992CE3C6F1D4E1112CAA5,SHA256=E9BE5584192A17CDF882242AB2C104E2A185B276E589F81AEC50663E4BA6F881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038264Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.917{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XAOAEWYN6S\System.ni.dllMD5=709A692740777021A1BC08A50B61C807,SHA256=AD85D06B3912A64986318D87202BDCAD748D6E68E3B693D37459EF9874889CCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038263Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X6YBSYVLCJ\System.Web.ni.dll.auxMD5=F75844856EE6FABD9C2BF434525D8F9F,SHA256=1F40EEB68BE036B5E0B884535BE71578A36B57947ED17056394FEF8E5E411B4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038262Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.464{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X6YBSYVLCJ\System.Web.ni.dllMD5=42107A9680DD1F0C15ECA4BD0B4C3A45,SHA256=E865E3843039ED20DA42936DE4AE5A66B282101FC494E5676F6BAE458429D669,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038261Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.167{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40BAD1EB8390663C4736CEFFE840B7D3,SHA256=F30984817A69B6FA3BCB5B40B270BDC22C6FF49AF5F6B69207F6F82143408A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038260Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.011{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X2S77D7DWO\System.Drawing.ni.dll.auxMD5=8BA67D8C1268098CFBBA2A626FF8FC6D,SHA256=4739DF54BA9C20953325031131B36E067190CF704B808F6886195A3426F3E43F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038259Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.011{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X2S77D7DWO\System.Drawing.ni.dllMD5=25C1B73B943AFAA7C8CC9475EEB22DBD,SHA256=5C5CB8277339CD69DC9C42FD25678D6752321C18797CAA37349203D499EB5610,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000013442Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:25.431{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50092-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013444Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:28.475{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A56CCB7D20B186A52176ABC215B1F25E,SHA256=6EF498165176C77938D098502ED315A095100220446D1440EDB92911F66916C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038278Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.761{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YBIDL94MA4\System.Management.ni.dll.auxMD5=9E113C3F173739443B36B19DD5C6669B,SHA256=E6D1A62EA7C191912AA011D805E8000EE89FE7281E888EF7A398F4FBA9AC4182,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038277Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.761{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YBIDL94MA4\System.Management.ni.dllMD5=545B093E8C7408982436090E8E13BA3C,SHA256=CFFD545D318D02B523B06E28AFD09A3649D013965B45986CFCAEE54A07AF0C1A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038276Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.699{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Y4IA8CF0NY\System.ServiceProcess.ni.dll.auxMD5=29E6A003183458CCF64AB3D7FD5E09A9,SHA256=60A7576757C609BEA9AC9B80C89C840C25628B230A49E43AE3297DC76FAF7D81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038275Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.699{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Y4IA8CF0NY\System.ServiceProcess.ni.dllMD5=04E405537AA94EDFF3323F0467D26778,SHA256=68136A857028E1F557F9FBB105346CC072FF372608AB0F448A7BA6AEE555D34F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038274Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.699{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XVFFVWAZ7P\System.Data.ni.dll.auxMD5=1048C0ED575A23FCAAD4A2A3D4AB051D,SHA256=4BF180857736CBED625371F3063FB75AFDCEA6BB064FB787B1CE79717F5B522C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038273Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.683{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XVFFVWAZ7P\System.Data.ni.dllMD5=97B08C7C842385FA82BB242375C02597,SHA256=12EDACC3503A34EE8F82B27C2E63D46FEE7F5C01CC2D8838A5ECD39FC615074D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038272Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.449{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XGTN4JOG04\System.Configuration.Install.ni.dll.auxMD5=08DAC8470A6071A6F9D300CCECE11FDC,SHA256=F21F4F9BD5BEBE704971BBC058A01C007211FABC2BF86E2BDFF504394E89A5F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038271Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.433{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XGTN4JOG04\System.Configuration.Install.ni.dllMD5=6CEF29BBBE3A64E8EDA58C8614B58316,SHA256=D6B4C973DAA83DB08F6D1013643F3A287BE92A3DF7629A06421EA2370B126C58,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038270Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.433{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XFM9ITHJMN\System.ni.dll.auxMD5=F974195E5ECE86B40F7C98CEAFF80650,SHA256=6FED5EE609434200BCCA2E954E4FF45678A458F016A429BD3AD7BE480AC33845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038269Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.433{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XFM9ITHJMN\System.ni.dllMD5=13DE7F98F0CB9EB352C90FC60D125E6B,SHA256=895BF50B6C923C70F9F96ED6117D4F5929607376E5F00531F7E0E9209D4A1028,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038268Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.199{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6F836334047A7F86954E66C63B6C093,SHA256=C55FB1E107CDC9DE2CFF78D27FD23613A970CEA429062DD54CD69A6E732728FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038293Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.542{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZZT9OSN8RI\System.Transactions.ni.dll.auxMD5=999D14BCEA16BC6927359881D4D39D58,SHA256=E951F9BEEAFE791DF0F3CB3AFE9BD07BDE358EE20E01DC5F2018DDDB466EEC96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038292Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.542{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZZT9OSN8RI\System.Transactions.ni.dllMD5=069D6E12D3CAB923FD4E8AC75EE89BA1,SHA256=F4957C4BFCF882B16615546FCA8A910B09508E5520C62914203915BA51DC3DF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038291Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.527{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXIE4TWQX1\System.Numerics.ni.dll.auxMD5=03FB751D7366F1FADBD9267BF1C0D693,SHA256=5F68B3516C69DF888F1ACC44B0A716CE8E63DB995BEC4E8DB170237BC10908AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038290Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.527{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXIE4TWQX1\System.Numerics.ni.dllMD5=282F0EF6FEB85C1AA8A4D5EAED7B0345,SHA256=9999B5F5E7F6A025582ABB469F2B898514033BC187344B9CA7E507DAE28CB542,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038289Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.527{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXC84VB1B5\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038288Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.527{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXC84VB1B5\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038287Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.511{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZWB27RLG8P\System.Management.ni.dll.auxMD5=DB8ADD4CB7AB7C2BECB6E5D2876DCD98,SHA256=C508A4E3185C74167CBFDFFFC0296BAE94CD0406996404244EA570FE5FD4FCDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038286Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.511{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZWB27RLG8P\System.Management.ni.dllMD5=4840576F30CADC46214E01EEB1DDEB0F,SHA256=182B6C71998AA6298C694DEE7047C8D4E74228A3B112BE72EA26694380F7E86B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038285Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.433{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Z9ZNHXO485\System.Core.ni.dll.auxMD5=FF4E2C92B938268E23AEED9F7BC732F8,SHA256=19FC78637B8A3B2A736A0ADD2E08F35E595E8854D68B668FB03022BD4AAECBBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038284Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.433{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Z9ZNHXO485\System.Core.ni.dllMD5=95173A32BB22297C898788BECB82637B,SHA256=EA0063A4BEF0AD2C8C8BECBFF53222AF78D9E5C3199903A8CFCEA2E63BB78C24,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038283Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.402{7BD73061-664E-613B-B000-00000000F001}4184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=086DB1CFB481058C3EF9F48D868FE74F,SHA256=BB95DB224236BED3122F53106B6D7A2930FE56435B98D0E225AAE99BDF5D7CF8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038282Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:27.522{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59193-false10.0.1.12-8000- 23542300x800000000000000038281Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.214{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30CC4007AFBC039D4B90454396ADEA20,SHA256=880579BD258D4E04DD48E96AD63D9501B48D87D9F759B99EAFD2F7C6D6384B3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013445Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:29.491{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40FAFC0CCAE1471CDEFD85A87F403262,SHA256=39587140FA7D65B1611BDC83D0BF022BDC1DD39C69BC7DF9AE749FA70A27E87A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038280Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.136{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YW6H3N5KJN\System.Core.ni.dll.auxMD5=837ED7C37327AAC0A3D72346C92C1E33,SHA256=03CCB7D13D93251175DE2ABAAA91E995C4A2FD627167E2E150B73A0B68C288FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038279Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:29.136{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YW6H3N5KJN\System.Core.ni.dllMD5=FE8274D8E31521C1EE127F0B9A468B11,SHA256=5EC1AB20A6FC7C8B10B5915D6BFED9B96EF524DDE933816D521A21239C339D16,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000038297Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:30.556{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038296Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:30.462{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=717EC30326A452D6039A5DCCE8D1ABF8,SHA256=0EE9C6CFAF7EB70D992561244F571079077DC6EAA21F217EC4D02E3210DF4836,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038295Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:30.447{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B1C05D3A7B68C97C3D9BFF94440347E4,SHA256=C53BA5376280B43C09727F0F572F602FEC7E24142094B0C06CF829EBFC48DC42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038294Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:30.231{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8269245FC19BB4EEF6FD1D45CBBB37F8,SHA256=1334CBBFEF7F59A7BED09B022B9F89EC02836DDA24E3967EC905B94752B677F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013446Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:30.496{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDAC583E2059A2A6EA35A9F91F3D21A2,SHA256=598D3D2132BE082407CD8C8311D3530F06368AC93833AFFD3430D4C1C902FF25,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013461Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6ED7-613B-8604-00000000F101}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013460Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013459Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013458Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013457Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013456Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013455Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013454Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013453Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013452Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013451Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-67EC-613B-0500-00000000F101}412428C:\Windows\system32\csrss.exe{625C326B-6ED7-613B-8604-00000000F101}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013450Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.684{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6ED7-613B-8604-00000000F101}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013449Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.685{625C326B-6ED7-613B-8604-00000000F101}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013448Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:31.496{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9D977F43A7F805CB206993B18A1C85E,SHA256=28260B432174B28FCB45271676623AE6C9E0F9D4190512ED6C9B3AC2E9C45CF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038302Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:31.916{7BD73061-65B2-613B-1100-00000000F001}432NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=4564DDE539A64350DF262A40BF99F573,SHA256=7554BDE24C3AF44608625441FB492661A52AFD051DB3E97A5207E46E9708435C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038301Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:31.525{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=717EC30326A452D6039A5DCCE8D1ABF8,SHA256=0EE9C6CFAF7EB70D992561244F571079077DC6EAA21F217EC4D02E3210DF4836,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038300Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:28.711{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59194-false10.0.1.12-8089- 23542300x800000000000000038299Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:31.337{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038298Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:31.259{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22A9309F7516DF528F081C2BD30F4181,SHA256=EA66C76DDD57F043CBD98F7D1927F63E550C641CF0F5DC5AF518475DF64EC837,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013447Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:30.509{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50093-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000013491Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6ED8-613B-8804-00000000F101}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013490Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013489Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013488Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013487Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013486Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013485Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013484Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013483Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000013482Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC91B88F2575C93127AEC1D0CE214773,SHA256=6A5E80E423218F893838443E65A65CF2895F83933FF812474168892C7CA1D9A2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013481Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013480Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-67EC-613B-0500-00000000F101}412428C:\Windows\system32\csrss.exe{625C326B-6ED8-613B-8804-00000000F101}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013479Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6ED8-613B-8804-00000000F101}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013478Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.828{625C326B-6ED8-613B-8804-00000000F101}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013477Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2298197AAC2E5597A59917AA0E571E1,SHA256=542D274B9C60718304242B8F64E91F830E3FBAE656A5ED182CABE7A80BACE8B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013476Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.824{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EEF28392BD85A539980F34B73437C5CB,SHA256=A7C6028B117E5215395BF8DE1A33B41AC21B796C4058C2D20A73A3E76BEE2997,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038305Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:32.806{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038304Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:32.634{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0EBB7EAC0F6EC9FABDE44449C347B367,SHA256=5A201398077B480AE05DF2CA3DFD733C22F255BCAB596F2FDECF6C4B28283FC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038303Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:32.275{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56D976D306B2327DAB30EFAECCA84123,SHA256=467D843A4D1FAB641E29E141C515F2C3DBBB927C5BCF4781A0A0CE1050B49E6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013475Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.466{625C326B-6ED8-613B-8704-00000000F101}16244008C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013474Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6ED8-613B-8704-00000000F101}1624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013473Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013472Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013471Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013470Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013469Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013468Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013467Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013466Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013465Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013464Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-67EC-613B-0500-00000000F101}412428C:\Windows\system32\csrss.exe{625C326B-6ED8-613B-8704-00000000F101}1624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013463Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.199{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6ED8-613B-8704-00000000F101}1624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013462Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:32.200{625C326B-6ED8-613B-8704-00000000F101}1624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038308Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:33.650{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0E958D0BDC986AD8E8F9547A36A1B0A0,SHA256=779B4B2B70390FE8304A7C12EF00378C640D7B31CD992443FE7AC97741A4FDB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038307Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:33.462{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038306Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:33.387{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C379B7C6F2B76B654E0F9DCCEF411135,SHA256=6FE3AF3E312A12B56035FF8EE69CDF7EDCEC5AAA4A12AC49BD8AC46428DB6FE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013492Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:33.840{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC91B88F2575C93127AEC1D0CE214773,SHA256=6A5E80E423218F893838443E65A65CF2895F83933FF812474168892C7CA1D9A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038311Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:34.665{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7EB471DFC38657773F7EDD5086A236C6,SHA256=4ABA2D177B7DAEFFE3F3E75029B33A0CFEABCB278251EB5F5F8A4ECC06DEF2C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038310Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:34.400{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=370F08DB68F9DFA1138E546DB3B56ABC,SHA256=3362BC065D992014B0D3CDC98F8C999EEEAC71013E4E1DA0CD498D8260D515FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013507Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.481{625C326B-6EDA-613B-8904-00000000F101}40043032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013506Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6EDA-613B-8904-00000000F101}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013505Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013504Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013503Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013502Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013501Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013500Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013499Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013498Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013497Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013496Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-67EC-613B-0500-00000000F101}4122740C:\Windows\system32\csrss.exe{625C326B-6EDA-613B-8904-00000000F101}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013495Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.106{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6EDA-613B-8904-00000000F101}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013494Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.107{625C326B-6EDA-613B-8904-00000000F101}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013493Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:34.059{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=866308AACFF9D2035F3DA968F6B08954,SHA256=F7E43D6ED2D89484FA5278D77A0FC3158831AFD3789390B7E52CE87DECE14290,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038309Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:34.150{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038315Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:33.551{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59195-false10.0.1.12-8000- 23542300x800000000000000038314Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:35.775{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E06FC7B3F1226ED12B698752F9AF73BE,SHA256=F040D28B694492D5FA980757773F0ACC843E08F692D2B9AC4EE105C848B63DBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038313Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:35.619{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CE0083C5C087483DA49C759BF12C370,SHA256=BF0F2CDE6790E00C173E91BFB751F859BE8818620E352CE3F0562E3CC9DD57FF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013537Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.981{625C326B-6EDB-613B-8B04-00000000F101}20123408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013536Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6EDB-613B-8B04-00000000F101}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013535Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013534Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013533Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013532Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013531Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013530Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013529Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013528Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013527Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013526Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-67EC-613B-0500-00000000F101}412528C:\Windows\system32\csrss.exe{625C326B-6EDB-613B-8B04-00000000F101}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013525Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.699{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6EDB-613B-8B04-00000000F101}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013524Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.701{625C326B-6EDB-613B-8B04-00000000F101}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013523Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.465{625C326B-6EDB-613B-8A04-00000000F101}36363536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013522Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6EDB-613B-8A04-00000000F101}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013521Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013520Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013519Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013518Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013517Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013516Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013515Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013514Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013513Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013512Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-67EC-613B-0500-00000000F101}412528C:\Windows\system32\csrss.exe{625C326B-6EDB-613B-8A04-00000000F101}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013511Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.199{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6EDB-613B-8A04-00000000F101}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013510Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.200{625C326B-6EDB-613B-8A04-00000000F101}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013509Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.184{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86DF6CA60587016B190C5F30E65F70F3,SHA256=A7494C24E08C11DC6D2F0ABEE9D53BBD9997C130AB0755285874586D2FFBDBB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013508Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:35.090{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74B3604CCBC150A2D43723B346C76519,SHA256=FC52FE2882B16E53F12F18DAD920FDD8CF9C253D8D3B2C00758D9F8C1F3DAA8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038312Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:35.400{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038319Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:36.884{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=088992274F536E6DE47853668B4283D7,SHA256=E3B47076C7CC9889D8322E8D95D66E2F186ECABA6FE58202B87097FBC4FD0C42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038318Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:36.761{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C185927AC1709A6ED53EEDB46E444E6A,SHA256=762FB98E1187A0215EAEE9473224AE87D9529E8BF7015E880D8872CFB0A23546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013552Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.387{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C60F52203E6A2F4977EFB6D21BC1EDD,SHA256=60AE2B86E5284A8302312500CF422519C896A4618544F53B8947A646DC7C21BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013551Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.387{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=916F342D21468FA6105EEA9EE729236D,SHA256=6C7270F441CDF3E8331AB3F6A117C827BCCE4ECEAEC1C02971640CE6B26AFBAD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013550Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6EDC-613B-8C04-00000000F101}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013549Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013548Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013547Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013546Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013545Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013544Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013543Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013542Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013541Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013540Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-67EC-613B-0500-00000000F101}4122740C:\Windows\system32\csrss.exe{625C326B-6EDC-613B-8C04-00000000F101}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013539Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.199{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6EDC-613B-8C04-00000000F101}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013538Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.201{625C326B-6EDC-613B-8C04-00000000F101}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038317Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:36.665{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038316Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:36.009{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038321Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:37.884{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=27B76109F9D548F23460B1887682B739,SHA256=9DE6D232D231D3426775D471E280086870E3962270D0100BD27FC343A0C6D9DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038320Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:37.790{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9406BA4BA5667AE2529EFD980A6109E,SHA256=E243318234F61C5F394DF315D69FB7AD53BA135F3696D3499E6259458B97BE6A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013554Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:36.393{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50094-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013553Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:37.246{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=986AEBDD6D4D2429E0D7B516FD7FE3CA,SHA256=5DFFC902458BB303DA406478270A073529D0F8EF383402EA51E4BD15D281DC77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038323Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:38.947{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4FE67F6857C431052856730C5E4398AE,SHA256=F351E3CA4A18E1083DC6C8305E4D71A9FBF2D07DB5ED06A0ECFED41BB556F09B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038322Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:38.884{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69F73753183AA8FDA1F0C99AD871D3A1,SHA256=3FE8AF4A2F7225F5F0E57901D8A2C756193564EE8BE911519287964F9D978DD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013555Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:38.293{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D626F441F9B6B9B1B88E6AC45A2FA41,SHA256=02C0BDEBF6EB335950ED03FBF372BFD49B05CA10EC420E299C5B82DAD18356F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038325Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:39.994{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F5FF9FAB6DC236099C01F0BF969EC95A,SHA256=01B7FD36B2A4D12DA1A69261BF20959295FE014F19771092A846E2A52A2C138C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038324Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:39.947{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C980D9C2CA72231C16CAD6485F351151,SHA256=5D39B3821A1E020DF75653974CCAA32E497D50DC66FB228D9D20CBA1BEE4B8AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013556Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:39.324{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F5B645E7AE00B69F412A2EEBAC09496,SHA256=CAC37D63D59BB1BF6EB54957BF62356BB8559FE438C7ED6ADEBB3EF097A8539E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038326Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:40.963{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0792A448D48CDD418011D6D75CACBDA7,SHA256=3494783C65D1EA4A684ED316BBB82AC5078CC82955C8A853E71AB85A32DA38EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013557Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:40.324{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAB0131EF624C2C1FB18239D088BB24E,SHA256=9A7E2D446748CA0E2B2AA8E65A5C6BF0A6D4327B42EAE3E5DF9C45AE12FC9CFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038328Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:41.994{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=978B69E1DE864FBDF11ABB7565B574B8,SHA256=AF5282EE06329B682547AB166DACE9C0488E7C3B45FDDB1AB9CC33F6DAFBD1DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013558Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:41.325{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07F5FAE21CDEB89FFA394E9A081A15F2,SHA256=2EBF94A5D26A5C581BAA6539D60635009A81AD454CC5B6DCCDEDB2101CB11971,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038327Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:41.056{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=A4AC71591D6BDC88FE3CC7EB1576887F,SHA256=9CCD28A7D25EA8E1F33E375A01C615A78EECF1F88691D9825BEDD7841913BF27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013560Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:41.546{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50095-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013559Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:42.340{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57AAA172D78E67C73B43E5229C822E1E,SHA256=746BF9EFA386F0D08F0271BE364F53CDDF5A9F446F64E0AF0679809E11EF9DD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038332Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:42.822{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038331Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:39.412{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59196-false10.0.1.12-8000- 23542300x800000000000000038330Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:42.103{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038329Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:42.103{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7D4115147A1A12E26180870385E9D510,SHA256=3CD15C738C2852DF91411ECFC90964E3D3F6673FA77F8B67886BCFC656E75568,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038335Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:43.383{7BD73061-65BF-613B-2900-00000000F001}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-044adde96bd54cffd\channels\health\respondent-20210910140346-037MD5=0ECBD96D4C8EFA762750D80ED755F871,SHA256=884DCF4CAE7DADA9980CDF8B8E62499F900EF27E1E36C36938E27750A8EC29B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038334Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:43.208{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=FC942C45F7628DCFA424E9C41EB44E1D,SHA256=2D68E840AC315DB3A16D1C5D7908DDD583E185A2F32D94734452C4F743A02514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038333Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:43.067{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA6590A12EDEC1580699638810C0A8A2,SHA256=ED74A3B0925F61308ED1EE72FEC6581AA3CEEC4751E4944DF7FE7F14A76E931C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013561Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:43.356{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6426B7F595AEA79DDFFC856769382F01,SHA256=868DBC89FBD303723CB3BA85565F5D09590780DBAC9B1119AF6028DF56490A3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038339Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:44.972{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038338Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:44.390{7BD73061-65BF-613B-2900-00000000F001}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-044adde96bd54cffd\channels\health\surveyor-20210910140344-038MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038337Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:44.390{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1BCF75BF0DA323D2E4D4FE78002AE3E7,SHA256=ACFAA6ACDF208698D052185064C732D07A906DDCAA6C08D1FCAE9CDA2AF53B7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038336Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:44.250{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C74D841657058838210825A688A6343,SHA256=3C6B6500FF29D41058BF52B9DE6F86972BCC52FF067E7376F3398FA8F924F977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013562Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:44.356{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3D0FC67B2244125DE4C2E5D85AA8B14,SHA256=98335FA7C070BF2CFEFCC753CC08F8A14AA717B93E74130FBB7DFED5BA117121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038342Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:45.660{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038341Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:45.378{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C2F651C4915AF06D4AD49930CCEA6FDD,SHA256=2D1CCAF8088401D246F1C2A15598C967E691F7C3A0B7C3A0064D13F0A2457CE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038340Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:45.300{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C4B13476F673F34B319E1254D27C62C,SHA256=BD420DF1F26FE7B06ABDB735F58E96843523F19A1634DD00C43188CC671F0133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013563Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:45.371{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF36CEEF320ED39AF29696F525466386,SHA256=CB13341E793887A43FB350E8762CCCBE04F57F36D2B6BFE556AA2595671E9623,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013564Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:46.402{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50110D5231F2A6E12B6BAAC91730A9FD,SHA256=4228BA4680E8F1A541FA4183D03E2C56156A62957EC222FFEF98EDADF324E7B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038345Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:46.441{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=40E5F13F060BB6ACE76A38C033692D95,SHA256=7239A465D9F5376CEF762A943AB927A3215C39DBF87EA41E228D2A252E9D0203,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038344Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:46.301{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038343Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:46.301{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61E8985029D390D5F061838E9B8D5DB7,SHA256=AE2E4A5C651386424E94032D3E501F52BF95C337F579DF54EF16D86479D0C83E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038348Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:47.519{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=94A248156F8335852A3D136F85D8C0DA,SHA256=947A3A9B41C2C30ACDEB79083DD5222499BBF01A5512EE02445379CEE660CC8E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038347Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:44.545{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59197-false10.0.1.12-8000- 23542300x800000000000000038346Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:47.347{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F0EA6C45EDF254966EC58152615D8F4,SHA256=B66190E7E746339BBB1D8AE1C3A05EC9E26D6FBA36C4F4E02C88AEC8BF5435E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013565Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:47.449{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E201425D62A4553AC87343772634FD7,SHA256=30C3ABD3270F8687798A73314EFB9E09A97116A5DA35DB83C96AA07E763EFB7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038352Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:48.925{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038351Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:48.566{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=59EC811FFC047CDB2390D74CE7C95F34,SHA256=C44B312B8B32C852C3C5E746FD4438BA49010F8B0D054C4FF679F0C55113D2E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038350Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:48.441{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EA74841A70C2602B9A5CA8EC5991536,SHA256=D9FA0CD1416FABB41D090D022D0A4907FD947A68F96C40AF0038390E7F05D091,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013568Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:47.422{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50096-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013567Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:48.594{625C326B-67EE-613B-1B00-00000000F101}1908NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0e4d5849e4b95ca2f\channels\health\respondent-20210910141306-028MD5=3A9A88AD6100E8BB934749ED83730993,SHA256=EA67EE5E06491F5BE852A39DD3E98E85E9195686879C0E2F42582046B4398283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013566Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:48.451{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=853E798286422A8109B2C0CF0BBB4BE2,SHA256=0B5BDD1CA7D5740DAB377BECBCF11C61D59D672FD71F7B8D88D10CFADBCAEF0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038349Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:48.269{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038355Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:49.722{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038354Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:49.629{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3B9BC319C109A6229CE6B2C9DDB48C6F,SHA256=7ED9F7732784EAB1B4B1DC41C78B0B3EB04CD9BEC41A1D15E73EC40FAAE6C1E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038353Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:49.458{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF2FCA58ADBDF36CDFD075AFF4A0734E,SHA256=72ED30E5B6EF54B271DC44F86662EDA084B2ED4BC60930BBC7BF5B6145693E2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013570Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:49.595{625C326B-67EE-613B-1B00-00000000F101}1908NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0e4d5849e4b95ca2f\channels\health\surveyor-20210910141303-029MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013569Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:49.485{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD06BDFE8D8763785DAFE596FD409DA7,SHA256=C13FADBCFE1F4BCA544F9BA84EAD1E350617A36137EBE8D779325EAB19C6096B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013571Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:50.494{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B370F35C6BA2BD312F67893256D1AF58,SHA256=4231CDD8499F13503AA6577629B2662649D974645F6C5BD12524B66F091BF365,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038357Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:50.654{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5634B54598AD3F5D246DA0342A63D2CF,SHA256=12E0D33981A7DD1D7D825CEDBB6A8CF16D1F80FC5C02571BE44BB6712B8D57F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038356Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:50.482{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90CCDD716BAFADEF0C897FCA9D043F10,SHA256=6A05BA383317C986C500A0019CEB35F5AC39F905ED44BEAB5B8D0671B7DA8950,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013572Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:51.540{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F47EC2FD10E06F7D0DEF3FD1FC38E33,SHA256=971C324264401FF7C06D5C7100DDC2FD1DA462DEDD9C8EBD5F7CCA37A869C163,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038360Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:51.701{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=393803EA65ED3D06FC44E1F22240DF04,SHA256=E1D475DCA81410B09C81AD1CAE53E14BE469FDD20453B09FE26C826C3F96221B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038359Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:51.654{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038358Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:51.560{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=107B98DAFCF55B18B1B7563CA108E8A1,SHA256=B99A5DF056FA1CF22A4FE1A80F0303119B91F3DA80AA6FF005674AE93251ACAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038364Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:52.966{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038363Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:52.764{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E9B439970C2CA9BBB7D3ED5BE74CE784,SHA256=43D1967283AB0F0AB0884764825E187C43C58D15E3FD25199E5F32C037DF3629,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038362Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:52.716{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80BF7EC67C696EEFFAC149767FC74AA6,SHA256=951FEDF81AF7C4F9614E202E398AE6BFF22D9BCF2177AD9894C0F5FEF098A9A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013573Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:52.634{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=821727900EDB5F913B7EF8BAD4822BA2,SHA256=9E72023C3EE54E0CD3D244C3EDDB1F937474AD629E6D733E4C9B9AE455F5DF2C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038361Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:50.461{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59198-false10.0.1.12-8000- 23542300x800000000000000038367Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:53.841{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0F37B2935334AF650ED3C21019BB2652,SHA256=AA737D196D6F89FA1EA0B4F90E26E5EF06AC0A96820211EE7ECA81C0912F42F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038366Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:53.826{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56972F2693E39D4917095858CA81FD42,SHA256=E079246EDA83187A1C1C6035101722E6BD8A394F2758F8BB09709DA90449BBE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013574Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:53.665{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F0C88E93439632B833C1A28C5F9D2DF,SHA256=0161C83C5D91DB90331E05DB988BEAECC91F441CE4BA587C0E391C2167A04A96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038365Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:53.670{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038370Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:54.857{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1DDCC2ED4F97AD93CB8BDCDBFE012480,SHA256=1484503163589627A8A42791348D1C6C21E8727DE531768818E5B479DEF26A6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038369Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:54.841{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5891E77526E0A28FB2A394DAC72718F0,SHA256=F1BFB4F416AAD413E5514BBC3D73348CF4C18A887FF785480AF4E52F92EE2A84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013576Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:54.712{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D854F5C0CD4E9A1B6FB1FC2352224D9,SHA256=D26715AB33369D7ADE8ED5F4459B271CAA3E91DB1B111685A66BB2BDA751F5BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038368Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:54.310{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013575Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:54.619{625C326B-6879-613B-A400-00000000F101}2004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=086DB1CFB481058C3EF9F48D868FE74F,SHA256=BB95DB224236BED3122F53106B6D7A2930FE56435B98D0E225AAE99BDF5D7CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013578Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:55.728{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BF8B88384CC512F0072FC13538A842B,SHA256=559EA7A29C62C85069A8DD0B315C4994F15C1C50C86E663C4CB8E6BCD790A775,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038373Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:55.920{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=188DAD8A04B4A8AF8BE7D7B05A7F7A42,SHA256=51449278E58C679F12A40C6A3135B665A81957AD9DB68F7843ACD837FF39CC1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038372Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:55.904{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=A071680AADB64282203211021582A512,SHA256=9F0AF9A6E8396D7E2454F10D90DFCFB8DE4C96009D2C27B84B55ECC50C6EFA15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038371Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:55.607{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013577Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:53.465{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50097-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013579Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:56.744{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B8833BB78FABB01D9879F7E7CEB5810,SHA256=C3BEEDC55A64EA7148EF48B539867705C0164E3057ABC5D92BD1C0B05854FD77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038376Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:56.951{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038375Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:56.935{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=48A20468445C65BBA6B05F67281A3227,SHA256=94BBDDCFDC6C707B0B5217884FD6074273C2DB6604B969C5D4C6E7BC0C98619A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038374Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:56.310{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013581Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:57.759{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EA5AC79D129D4599531AD8B1B42B729,SHA256=19C9C6D6067D7E765A84F2511F9846D0CA0AECA2FFB1D2C202E42BEAF032331F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013580Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:54.934{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50098-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000038377Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:56.998{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC40172C2AE8E03D0A6DBD02E360E406,SHA256=727BC366CA826F946087A64E160B98D68CC0760B29003C54211BF90AF507790A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013582Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:58.775{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CB0D149309D62C444CD864AC0656284,SHA256=557BD43B3D72E6169244312E9DB4533783534513810BE3F4552EA601F298AE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038382Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:58.966{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038381Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:56.383{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59199-false10.0.1.12-8000- 23542300x800000000000000038380Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:58.248{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038379Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:58.045{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE11627B83F4EC1ABCE70AE079AED5DE,SHA256=6E46389BB286A26026DC465A14FA115C474FD28E8E8FD38474AF49BD0FB5EE6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038378Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:58.029{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=BCA256DBAF8162C52052EBC571A17AFF,SHA256=9F37C2ABD80232711AF0AAA641D9F335A2EBA465882E5378A7205CE5F4843517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013583Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:59.790{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80AA30FA1D67650C680D11C42CF6C445,SHA256=0006C4156479AB93DE0941FC2E140D2561EA7B30290F7ACC8C7C5B96E638BC29,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038390Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:57.495{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-387.attackrange.local59200-true0:0:0:0:0:0:0:1win-dc-387.attackrange.local389ldap 354300x800000000000000038389Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:57.495{7BD73061-65BF-613B-2700-00000000F001}2852C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-387.attackrange.local59200-true0:0:0:0:0:0:0:1win-dc-387.attackrange.local389ldap 23542300x800000000000000038388Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:59.748{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038387Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:59.404{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C02F1A641E920119E1B49A74B3D38A3,SHA256=0AE78AB22D90010D12F018595502D86EFD5C871DAD25C959C956B8BD749E3258,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038386Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:59.404{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D845F47BC758687CE17086B25A513FD,SHA256=3FCF3ED2902EB6009205EE9951B5955B41C9543D77E70F5E9C329D101D3C1C6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038385Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:59.107{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDADB8AE088017BA02EB740E818FA09E,SHA256=3CFCDB91B243D4964403A8F82D8D9D9919EB20F36CB72C54532FE85D552CDA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038384Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:42:59.061{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2A92DB776B7A67A6FB49C95F072B7A59,SHA256=47927C72E44737A6103C824B4D016F14A25BD401D47B89A460A02BC172787067,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000038383Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:42:59.061{7BD73061-65B2-613B-1000-00000000F001}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7a652-0x2649c683) 23542300x800000000000000013585Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:00.806{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0723CA8AA19A3529CAFECBECE69820AF,SHA256=13D70C10D580AA2904B441457460E43BE4F5E3CAA5DE0CF6DC229DF93B7C7A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038392Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:00.170{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E662CC0F309048A3CCE2E01EBB065C1,SHA256=9E2727EB1CDA75BC72487E723F14A17CA3D18C57DD6E7E2E050B1B1C0F4206E1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013584Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:42:58.512{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50099-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000038391Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:00.091{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C57EF26D98E4FAB32A074541125BE08A,SHA256=EA61D9E512788416D4DE7B9C648494C4173446F74E811264F8FAED7219EF03F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013586Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:01.822{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40860F79D0FBF55B2499E3E0879894E8,SHA256=4155AEFD62E0625C7AD10C2A41BDE5C235C87BCCA314C12D16929FD83DF73191,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038396Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.904{7BD73061-65B2-613B-0D00-00000000F001}8925164C:\Windows\system32\svchost.exe{7BD73061-6D0E-613B-8C06-00000000F001}4864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038395Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.185{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80CA16DDF2737BC8636A55CD7152C730,SHA256=CBF7D0B3A4D89E9DF6B47D586DC01DB947ECAFCFB7559957CE6DFBB324D87FA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038394Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.107{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0F613C4FFB3FDF7B6C2AA36B4AE56B74,SHA256=CD18A4C36107644EF90DC53898C97E16A5C229C08FCF97724D0DFA4EF02BF784,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038393Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.060{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013614Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.837{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91DAD9862B14F70ECCDA2BB9EFD92F7B,SHA256=36DDBE92CE544E8B9229DCED88E68BABDADCC329AA0B9C066EBF53183AFDD95F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038399Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:02.232{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038398Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:02.232{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7EC2E1CD21FA36FB0B7A7B76A23574E,SHA256=F1427FB991118F037377BD8676E7B303D18D096426BB9616021578D77317CE14,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013613Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.587{625C326B-67ED-613B-0B00-00000000F101}6283684C:\Windows\system32\lsass.exe{625C326B-67EA-613B-0100-00000000F101}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x800000000000000013612Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000013611Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000013610Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000013609Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\FlagsDWORD (0x00000002) 13241300x800000000000000013608Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\TtlDWORD (0x000004b0) 13241300x800000000000000013607Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\SentPriUpdateToIpBinary Data 13241300x800000000000000013606Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\SentUpdateToIpBinary Data 13241300x800000000000000013605Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\DnsServersBinary Data 13241300x800000000000000013604Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\HostAddrsBinary Data 13241300x800000000000000013603Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\PrimaryDomainNameattackrange.local 13241300x800000000000000013602Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\AdapterDomainName(Empty) 13241300x800000000000000013601Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.478{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\Hostnamewin-host-166 13241300x800000000000000013600Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{171CAD81-9AE4-4B05-A920-33F7DCFE5C85}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000013599Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000013598Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000013597Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\AddressTypeDWORD (0x00000000) 13241300x800000000000000013596Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\LeaseTerminatesTimeDWORD (0x613b7d06) 13241300x800000000000000013595Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\T2DWORD (0x613b7b44) 13241300x800000000000000013594Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\T1DWORD (0x613b75fe) 13241300x800000000000000013593Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\LeaseObtainedTimeDWORD (0x613b6ef6) 13241300x800000000000000013592Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\LeaseDWORD (0x00000e10) 13241300x800000000000000013591Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\DhcpServer10.0.1.1 13241300x800000000000000013590Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\DhcpSubnetMask255.255.255.0 13241300x800000000000000013589Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\DhcpIPAddress10.0.1.15 13241300x800000000000000013588Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:02.462{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{171cad81-9ae4-4b05-a920-33f7dcfe5c85}\DhcpInterfaceOptionsBinary Data 23542300x800000000000000013587Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.181{625C326B-67EE-613B-1200-00000000F101}300NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=BC6C1115D58B68D32670EDE761C9740A,SHA256=86D2FA9240B3E29383B5717AE4CDF96BF8D7D08C6349D73F5F5DD03D0407FF40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038397Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:02.107{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DF5055058155A759213327DCFC14F27F,SHA256=EC3270F5FC9A838C4D542DDA6A02DDFEEE2C3B9E940C857C467C2C55F1B938B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013615Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:03.837{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3544777457C7A83BEEBCAEF4272C1093,SHA256=86753CD10B4838904573211664D1317C00F88039647F6BEFED755C36CF2419C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038438Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2B00-00000000F001}2964C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038437Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2B00-00000000F001}2964C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038436Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038435Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038434Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038433Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038432Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038431Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038430Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038429Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038428Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038427Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038426Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038425Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038424Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038423Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038422Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038421Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D0F-613B-9406-00000000F001}4480C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038420Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038419Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038418Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038417Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038416Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038415Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038414Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038413Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038412Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038411Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1A-613B-A306-00000000F001}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038410Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1B-613B-A406-00000000F001}4636C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038409Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1B-613B-A406-00000000F001}4636C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038408Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.920{7BD73061-65B2-613B-0D00-00000000F001}892916C:\Windows\system32\svchost.exe{7BD73061-6D1B-613B-A406-00000000F001}4636C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000038407Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.918{7BD73061-65AD-613B-0100-00000000F001}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal50100-false10.0.1.14win-dc-387.attackrange.local445microsoft-ds 354300x800000000000000038406Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.916{7BD73061-65BF-613B-2A00-00000000F001}2956C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-387.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal63950- 354300x800000000000000038405Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.806{7BD73061-65BF-613B-2A00-00000000F001}2956C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-387.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal51586- 354300x800000000000000038404Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:01.800{7BD73061-65BF-613B-2A00-00000000F001}2956C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-387.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal60866- 23542300x800000000000000038403Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.607{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C02F1A641E920119E1B49A74B3D38A3,SHA256=0AE78AB22D90010D12F018595502D86EFD5C871DAD25C959C956B8BD749E3258,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038402Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.466{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B899355220072096375E96946450DD29,SHA256=C23F599D4BBB569A7EFF59550DC778FDE6680B29B4D1F0070DBFB91AD9F8F302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038401Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.185{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=01A8D587E7D1E89AB054D2DAA86FD3B3,SHA256=BCA4F0B6407ACFD5418E6946378CF5E5A2B36FB3E8ADEE70B73CB4F7D7E69952,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038400Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.029{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013620Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:04.853{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7520A6EBFE9C63B096A5980EA7FB0B35,SHA256=0EA234CC675DDF8D17303866F7C37CD79BB7AC9031BBD2F4CD76B86C754A5211,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038442Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:02.414{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59201-false10.0.1.12-8000- 23542300x800000000000000038441Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:04.623{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E6379B9A41B13C9EEB0F6F5814FC54F,SHA256=AA667AA80EEA82331C82AF6FFA42D21A49345AD5D1EB767AE37F09D412DAE819,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013619Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.922{625C326B-67EA-613B-0100-00000000F101}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50100-false10.0.1.14-445microsoft-ds 354300x800000000000000013618Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.804{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:0:0:58c1:43af:b80:ffff-59017-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x800000000000000013617Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.803{625C326B-67EE-613B-1500-00000000F101}360C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:b532:95e8:6ea6:bec6win-host-166.attackrange.local59017-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x800000000000000013616Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:02.793{625C326B-67EE-613B-1200-00000000F101}300C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-166.attackrange.local68bootpcfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal67bootps 23542300x800000000000000038440Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:04.435{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038439Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:04.216{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8FB48B7D044FB42E6B3281A800BA04C3,SHA256=7D6628FBDAC0F71BE8C8488D6C5AF899E755E343383C92A730B07587CD6BDA9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013622Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:05.854{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F534F6B7489AD44F5DC92817B1E73E64,SHA256=980F2EFAB78EE57B2B79AABBBB6EB89E6C028B3581BF3CBA12B6400B75069989,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038447Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:03.555{7BD73061-65BF-613B-2A00-00000000F001}2956C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-387.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52197- 23542300x800000000000000038446Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:05.794{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038445Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:05.717{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=532AE1C1805437B0AB49B17D8C63019E,SHA256=1C88C8F909D19F9D4D316854FC6A143D3472DD18D7DC9C51366EFB6AA80B37A1,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000013621Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:03.640{625C326B-67EE-613B-1500-00000000F101}360win-host-1661460-C:\Windows\System32\svchost.exe 23542300x800000000000000038444Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:05.248{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7CD87A55430E39A475A746FB47C7B306,SHA256=DA2DC67EC2AE0DC135667EF506C1C889C159C3053E47CB1474C0363E8E0BB082,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038443Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:05.138{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013625Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:06.854{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A081752E7D0AFDF45BF8E2FBAD9EDED,SHA256=99914333D1239D702149BA2D233E164B43C1FEC4E1EBE059748B983246D7D428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038449Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:06.796{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E35D00B25264B56678B09AD19702D12,SHA256=CC336A2CC5E90F82FDB205E706B8BB726B603828BFE80B8EFE1D181C07B9DF66,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013624Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:04.480{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50101-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x800000000000000013623Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-SetValue2021-09-10 14:43:06.089{625C326B-67EE-613B-1300-00000000F101}368C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7a652-0x2a7a142d) 23542300x800000000000000038448Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:06.357{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5BC58F26D882FD22F1B83E2E80337B3D,SHA256=A9E2BCCDC00DECF590171A8700CB0D490BA357A73A547C73EA5BDB38D999C7DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013626Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:07.870{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9732C437E6FBAA3118E12B020B8CC799,SHA256=959F9868469247872542825D19B3690B4A664E23C8DEBC06BD3C5BEE900B84C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038454Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:05.399{7BD73061-65B2-613B-1000-00000000F001}364C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsefalse10.0.1.14win-dc-387.attackrange.local123ntpfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal123ntp 23542300x800000000000000038453Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:07.919{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038452Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:07.810{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=545F22D0C0241C6AAAA43F1C3538479B,SHA256=FED058E5C048B798AFBE889AF8F09508F481169ECD4EC1B8DA601F3B7EB16F0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038451Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:07.435{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=EBE74EDCA6F4D29A80C5FE228258CCFA,SHA256=AF77376D21588D33F3ED7BAF66EA77869AA7C2003C3D0D413DE8106FE08B97F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038450Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:07.185{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013627Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:08.885{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=552B56149D03C13C428DD8501B5DFD66,SHA256=104191EA0542039F5DEA631D7C144BF4A2ADED57090CD5E1D324AD873197ABB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038457Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:08.826{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E641E32DB8B58AC0066FD635538A9F18,SHA256=EA8747D62496E482C12B32FFC4780C75C502BDA5097D85B4E74DF2E4C9CAD408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038456Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:08.685{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038455Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:08.516{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=CD7E1E2938270EA44C85ECFCB66B2080,SHA256=8966F3569A2EFF9943CDBFC00E1731BEB3BDF8460E371D828CC675F95D5E8D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038459Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:09.891{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=803930944C87E110FA11C5E851420BCF,SHA256=29C9EE293EB5B3494D028A6E59CB04FE2E3823C7D65193A69860AACB0227ADED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013628Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:09.917{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69B1F31AB739EE1E6C505A5A6B1C979A,SHA256=0CFEEDA0F59A7C7D6266C326CA52BE21E2E3C93644D0F3923630D31118AFB377,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038458Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:09.560{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B19D8A3BA004D5CE656A36C330594974,SHA256=6E23F6F0ADE34E4029999DCEA86584952D8690E0CE668C2EB744FBF99BD6DFA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013629Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:10.951{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D480757E62F694A5E1560DAC0A2372C,SHA256=F9681344AD38ED6FDC19D07A459A9FBD8CBF65132D1A22EB509032D41335DF98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038462Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:10.893{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CE144B5491E9174FE2FF9804B6496BF,SHA256=3FDBEC78017C958CBFA1D3FF4902F57BCE7DB060C9BDABB9E0E6B164E1E8DA98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038461Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:10.596{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4A1DB85F1011A1167FED306936BCE796,SHA256=8131615F2242A8F93AC0B357796AE43C8F4C2CC3F620AB8970B97375F3EA8BF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038460Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:07.586{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59202-false10.0.1.12-8000- 23542300x800000000000000038464Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:11.893{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98CDF8E585995DF2F9AA39B8F1806122,SHA256=984995CBFBC688B3812E6B42A9D6ACFD47CE867C2339192449A1ECAFFC22A453,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013630Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:10.419{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50102-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000038463Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:11.705{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D2C51A9ED1280A95A05C4EC802DF2B19,SHA256=59BE105BFE4BA2D06C4A360E3B7EF6E75F9636B01224825332B105463A0872F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038466Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:12.908{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A56E7B699EE6C5C1913D30330515220,SHA256=F302EB755FA1364B7FB87014A8EB2723C860A471C7E463416753E0EF6243FAEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013631Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:11.998{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F5FD880972CF06B2317A4BAA2E79D11,SHA256=5BAA469A9BB08505A7E7076026642CD3F70D8BC00DACB6CF68082D846322C10B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038465Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:12.893{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7B39672F62C02EA9FFD45F6CF3261D66,SHA256=1B21AF6F26EF097AEF76E52B9CCAC0961D4BDC7254B2C4663761644247B01419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038468Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:13.955{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE490E16E5F7E6E13C4FC3CF06A58EDF,SHA256=364A1BD30FE32C2BB2E866ED14D0ED9ECEF631CF56CF5A7959DB0D74BE5CC756,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013632Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:13.014{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1970C7DE268A72AF84D3E3445A59BDE8,SHA256=D6D58C6F8F4CEDF71FB471E51AEB7BECED885314545AA1C5C6A5FA6A2FE69D16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038467Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:13.924{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7D948B68EDC20493806244EB65EDBA97,SHA256=20B9BFE81CD4C31AC69138716B6699D4D553367BBE10C894CDE187387456ACC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038472Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:14.990{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6377CF05FA3397C2453DF1166304BDF,SHA256=3D2E78486806F6C5E9EFBB016A4CD315E70A1CF8D7A571981350380C5867ABAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013633Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:14.061{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D7D6100968D29CFF1B8ADD526EB21EA,SHA256=16F1BD9520838E2A9611CD492357412E31B134723F8705B1575A2E850CB46695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038471Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:14.955{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B7AFDF4FCF1D6296A5BFEFD8CEF89609,SHA256=B07C93585DD0BAEB7D9EFFF3AC65E0D62F982619341C62B726A745F24C60D077,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038470Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:14.330{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A1EB39E89784085BFAB5EB802EFC450,SHA256=29BB58F0DE5372339299B5A4CDE462B32D433F5C18F555EC2BA8F5732E09CB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038469Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:14.330{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5C78F2C3DA40CCC614031F42C6BEE0DB,SHA256=A4E1BDAF96187F664E1049E154C613F307D617153B81B060B4B57737A6298D55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038473Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:15.987{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4CEDD0555933E15AF468AF4C7400970F,SHA256=32B8A724E67332CF40BE2EE9604011A3270108A4A8EE6E434BA3A3405D73F2CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013634Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:15.076{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94BF32E40638D0764FA5732877B26BBD,SHA256=9C8821D4C111CA34D49AEF690F4D54A4B27B935AACA0B24CE1573AA60F3EAFAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013635Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:16.092{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8526E064CD9B14DC327B7E2F6FC8D317,SHA256=5673BAA3A0179487F686FEC5629ABD3EB93909E9FC1CC160E5BE401AE89ACE4C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038475Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:13.528{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59203-false10.0.1.12-8000- 23542300x800000000000000038474Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:16.003{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03F9550A2354BFAD91041683C44862BF,SHA256=B97B675A570FC5ED73917924656630673ED277A859B0E28BD154A57403519337,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013637Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:16.438{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50103-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013636Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:17.123{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE70A2508066E0FA42C230A7AB634397,SHA256=34B6D67172E6B6030B1E48281FE3E4C300FB68A3EAC959D8CC603F659D693B37,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038485Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F05-613B-2207-00000000F001}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038484Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038483Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038482Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038481Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038480Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F05-613B-2207-00000000F001}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038479Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.674{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F05-613B-2207-00000000F001}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038478Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.678{7BD73061-6F05-613B-2207-00000000F001}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038477Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.033{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=95DE6CECE5AA5C2A962317EEF4CE83BC,SHA256=59438BE13F490D0B92D85A02530A997854B9FA68C4FF27E9D106F75AF09E52A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038476Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:17.018{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D4F90200E7056035DBB0D7CFEC939C1,SHA256=A85DF7374917252B4586D503CA1CEB20A03D77E48BD394572CCEE0A8186E4E72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013638Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:18.139{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F1D03F0689B201703FF9E3FC502E8FB,SHA256=EAF9C707327F0E7AF4C12226CF86BE6A6E5F309C9437D92E87DA8B18667E2703,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038504Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.893{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F06-613B-2407-00000000F001}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038503Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.877{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038502Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.877{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038501Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.877{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038500Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.877{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038499Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.877{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F06-613B-2407-00000000F001}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038498Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.877{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F06-613B-2407-00000000F001}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038497Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.878{7BD73061-6F06-613B-2407-00000000F001}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038496Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.721{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A1EB39E89784085BFAB5EB802EFC450,SHA256=29BB58F0DE5372339299B5A4CDE462B32D433F5C18F555EC2BA8F5732E09CB85,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038495Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F06-613B-2307-00000000F001}6216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038494Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038493Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038492Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038491Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038490Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F06-613B-2307-00000000F001}6216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038489Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.346{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F06-613B-2307-00000000F001}6216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038488Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.347{7BD73061-6F06-613B-2307-00000000F001}6216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038487Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.129{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0EA328E72970834868AC6B85FC5AC3A7,SHA256=BC1F122D10105D2A2C9C807F4D4650020725E2964E5536279B8450CD315B6B69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038486Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.034{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7452B1F8F1F4A8310DB5B3EDD3F860BE,SHA256=870A48E2EFBEF0B59D7DA3B057CCC2AA1590AEFD33019C4199992467D120AFD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013639Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:19.170{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69BBFE6DDE06025B408E339F2611F527,SHA256=F829E3C0F61F449CCC05113EB670E5F2046A7B2A68D5E3B982D19D0C3BFD0A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038517Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.893{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=569F550564821371133AC6E834E31865,SHA256=7B6E3842B01FE2D174D0AFD7E2B0664B78736B257E3D57D929FBB5EBCBF981E0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038516Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.690{7BD73061-6F07-613B-2507-00000000F001}5801092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038515Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F07-613B-2507-00000000F001}580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038514Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038513Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038512Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038511Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038510Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F07-613B-2507-00000000F001}580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038509Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.549{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F07-613B-2507-00000000F001}580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038508Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.550{7BD73061-6F07-613B-2507-00000000F001}580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000038507Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.174{7BD73061-6F06-613B-2407-00000000F001}39442128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038506Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.174{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=169FBAEBD76C83C312E9F967572261BB,SHA256=F1DB72F0DC3FD5EC1B50C8D63211D6AF0BC934BCE1384C78C991F0BFF0D0F0BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038505Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:19.038{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B09C1E88E473D54E83D60BDAF34BCD8A,SHA256=704E37E822C845838BAF7274750A2C21C7D09BE2CF6334F0359B8DD9619CAB5B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038536Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F08-613B-2707-00000000F001}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038535Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038534Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038533Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038532Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038531Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F08-613B-2707-00000000F001}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038530Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.815{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F08-613B-2707-00000000F001}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038529Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.816{7BD73061-6F08-613B-2707-00000000F001}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000038528Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.377{7BD73061-6F08-613B-2607-00000000F001}63086824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038527Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F08-613B-2607-00000000F001}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038526Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F08-613B-2607-00000000F001}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038525Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038524Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038523Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038522Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038521Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.221{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F08-613B-2607-00000000F001}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038520Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.222{7BD73061-6F08-613B-2607-00000000F001}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038519Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.205{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=53DF3C280ECFA4473EADCEBE50E8E4D4,SHA256=C11F8DCECB77396F7E44AF719C75CFDEDE39F9105F89F879B5E2D5F3002933DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038518Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:20.049{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD91B8B34385C9AC40F88EBB8E6370AC,SHA256=F449EB49A699FFDEB3E7CC1E0917C8FD5460D913F80888E78BD7A62D37128337,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013640Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:20.186{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A222E87C2D624D33E861D13658CFE1BE,SHA256=33DF47708AB620D180E53C49507B324D6D767BC13D0A72F8C1049D744B45FBD2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038548Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-664F-613B-B400-00000000F001}36484280C:\Windows\system32\conhost.exe{7BD73061-6F09-613B-2807-00000000F001}5772C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038547Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038546Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038545Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038544Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038543Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F09-613B-2807-00000000F001}5772C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038542Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-664E-613B-B000-00000000F001}41843260C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7BD73061-6F09-613B-2807-00000000F001}5772C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000038541Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.460{7BD73061-6F09-613B-2807-00000000F001}5772C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038540Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3C167E9D3BBEBDC899DF03B77F8C150E,SHA256=D5B0AF606072B1F4C82D127CB4D565E45C735B1E40FF6D0F21A0DA9736DE90E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038539Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.455{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9DE91538EBCF748F0F7021BE9E7A876E,SHA256=C1B41E5F438A5F9CBC0955AE1D83164C05931109D369888BFB7F08095F53EB97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038538Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.096{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=215BE78AC66EB359576C252BE57F8029,SHA256=2B16EF84EC966314BA8E768106E9D263BF0FA9C4904007D58D6834C171DF85A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013641Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:21.233{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12D85A8870F1BA77F5A47D686B80685C,SHA256=08BFBA327DE80C3209D275765AE9247D8FE06FACB6621EE99295B4514D161E13,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038537Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:21.018{7BD73061-6F08-613B-2707-00000000F001}25967132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000013642Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:22.280{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F52246779FDC0DA57B605115E7AADC0E,SHA256=668D446BA8B7AFFF83100EB4D5B79F774E78D6D55E17F4580EF92BA55195AD57,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038552Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:18.528{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59204-false10.0.1.12-8000- 23542300x800000000000000038551Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:22.471{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE5D6C44FCAF636EC0446F67F0398952,SHA256=3191EC47935C4BB107CBECEF6F88885AF76D28B7449D5914C2C921A44C696FDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038550Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:22.331{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=FEB4B4AF908626E6BC0FC3DA57B98794,SHA256=EDD3E72E74279C0C42C04E4F5E296A7FDC84A8C8FB1A595313D6FDB967DB76E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038549Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:22.143{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8F0862FDA1D096677F16FA953DB2476,SHA256=CA66372FE97FD8F6FB0FC6139513AA6231C2D20C8808AC9DD29665E090AA3745,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013644Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:22.407{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50104-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013643Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:23.389{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0407FE28E3B791586EA638B183FEBF37,SHA256=A7E101CB9FB08C016D064D13CD43A3E0F6FA9B5EB2A8BB88C31416965A4AD590,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038554Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:23.408{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1041ACA160AF62E2F6E7FAE2B63139C7,SHA256=38D98B87093FF989E5A44A94544ED0EE4D0FA886E71C9DC0A4D16470F6359D9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038553Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:23.190{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CEC03D7F74938C6CD2DC21487C5C832,SHA256=C6BDC59698703229492FF279DDF0A2F1C2C5F99C538ACD5E6153C4612C95B7AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013645Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:24.405{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A08EF82FCC87422BC59798C926CA5175,SHA256=F6E5F95E1BCF44B3D0EE3A8CC8CB0D7C466FE4921AED05BBFA59D7C3D21A5DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038556Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:24.455{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D585C7FEAC5967F27E827313535E4217,SHA256=B347830E984056D99ABF9A704FE87FDD696B91713D0F185592219D11773C8344,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038555Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:24.221{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5539F25E67136B29367EA3D6B77078EE,SHA256=92FD2E3EA494D3D28FDBAC57CE41C9A1D4C66854FFF2FDF53A04194FE1AEAE8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013646Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:25.451{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46F564757BD376B324C0B1A97DAA086B,SHA256=0F3D646802E01C31E3E7F5CEF134D36ECC6BAD2AB06F001CDCBE1C9CA01B8CD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038558Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:25.486{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5824C0F0A2814B457F645E2809EAC2D0,SHA256=5A5CE40F2574E7404C7739F5922E016AC1224675F3E36BA23BE9754736A3CEF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038557Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:25.252{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E0B6190701E2AE8F27582BC2638C658,SHA256=813DDEE8D4CD85CA516DA414FFA7DDF0254F00132C5714352B8A389E0636F54C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038561Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:24.387{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59205-false10.0.1.12-8000- 23542300x800000000000000038560Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:26.518{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=ED9024DCAB2CA29EC47D030A94A166A8,SHA256=91747081F5345A3BFC12B16CEFF0AC31B6F476EF7C7350CEA474BE69A0005023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038559Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:26.252{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4438F034AA5D00873D0F3FCD54C1129C,SHA256=22ADA7E5D9CCB170D67D89C5FFF24A7F4AB9F918656FBC2507676338EB64B356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013647Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:26.467{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2777B21597A154696C88C704FA512FDA,SHA256=438DA9CF5A5966ECCD4AFB2B82E932EB8F9AFA87A05A74E3DF79325B67D279AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038563Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:27.565{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=A4EB3DCDA2C50591BA4C1BA571769226,SHA256=6679C69E9E412593E03B7B0208EEA396DE1E89FE89FAB03363351CE3FD6B46A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038562Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:27.283{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DC8792532625BE4F4FA9444898F1C52,SHA256=68BD97A259655B415906507C12576B29AF10CEFE82DCB7BAC1BDA7A5A12A1075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013648Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:27.467{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90E1FBE4144DC61D8F021D13A8B0B420,SHA256=CED72E5FE63F1234C70C2DA128939D3F9AF023EC45B2DCA4051E2E06B3A835EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013649Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:28.483{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=582686C09738F11129DC01ADA074C6B5,SHA256=30C2FF7F6B9E1A57DE9F752C66C83B6E6F6D7476208E9DC79DCFC903B9326FE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038565Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:28.694{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B2B84701DE8404D2062B0F5265AED4B7,SHA256=7974C2D9703419B0011AB451BE71FC5A8CD195DD280CDF4A261ECAFEEC72948F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038564Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:28.346{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5AB433D0C2C2917049BD031FF13E650,SHA256=56B988389E8D7FE82FDE0670933AEAADFC0946BB43CC9C353271D721E955345B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013650Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:29.498{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C1701B7060F6D6E267C6484C24C2423,SHA256=5BC9111D94060B7DDF03C01D081F056C225B69B2A60C04B692018F9BFEE0CBEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038569Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:29.736{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1999D110DE9E71A477359A0410630E2A,SHA256=52F274A838EB6F48B2BC388237ACBAF41FE44C90D36D7163BBA549C25B1D4912,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038568Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:29.674{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-65AD-613B-0100-00000000F001}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000038567Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:29.424{7BD73061-664E-613B-B000-00000000F001}4184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=086DB1CFB481058C3EF9F48D868FE74F,SHA256=BB95DB224236BED3122F53106B6D7A2930FE56435B98D0E225AAE99BDF5D7CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038566Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:29.361{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=823D02706282A9CF55C5AADDB72219E1,SHA256=5EA88363819F64BA74238B1EA98D3902E9AE8CB1668A3B152504D06704AF9BD1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038576Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:28.998{7BD73061-65AD-613B-0100-00000000F001}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:54c:bd54:34e2:1fb5win-dc-387.attackrange.local59207-truefe80:0:0:0:54c:bd54:34e2:1fb5win-dc-387.attackrange.local445microsoft-ds 354300x800000000000000038575Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:28.997{7BD73061-65AD-613B-0100-00000000F001}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:54c:bd54:34e2:1fb5win-dc-387.attackrange.local59207-truefe80:0:0:0:54c:bd54:34e2:1fb5win-dc-387.attackrange.local445microsoft-ds 354300x800000000000000038574Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:28.731{7BD73061-664E-613B-B000-00000000F001}4184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59206-false10.0.1.12-8089- 23542300x800000000000000038573Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:30.741{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=52F0B7884831823DACF3E40ADCDFA252,SHA256=53C93ABCE548AE9A42279C0EDCAD7F1DB0EEAC10471DF55DAB26D766519E4C99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038572Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:30.726{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86A645946059A5DB53E6921640728726,SHA256=18390E733EB89FE0B3975CE358F5159CA13711CFCEFAD153BFF943191EB10172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038571Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:30.726{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB80295320D4EA3FB2545335FF5C2922,SHA256=E8CF0879FC543B8FF6EA0DCC74C29045F6A870D61E2D612267F41665FB8D02AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038570Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:30.601{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C80C93B729BA0B9E2E72C1962B368F2,SHA256=2B71FB05382F99A305CBC13162F3B533CF744424A0EBF44B424C4E24453588CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013652Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:30.598{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A6BE6B387070347D6B9149F77DB3802,SHA256=285A74E68E1AFC8B53B61DAAFF9AD0F3800AFF18F93B1E832F80C5C528D02CF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013651Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:28.392{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50105-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000013666Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F13-613B-8D04-00000000F101}2292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013665Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013664Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013663Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013662Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013661Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013660Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013659Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013658Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013657Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013656Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-67EC-613B-0500-00000000F101}412428C:\Windows\system32\csrss.exe{625C326B-6F13-613B-8D04-00000000F101}2292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013655Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.692{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F13-613B-8D04-00000000F101}2292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013654Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.694{625C326B-6F13-613B-8D04-00000000F101}2292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013653Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:31.614{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2C68502B3598B2797CE4B19B2A763A5,SHA256=184F2178598A42126FB78D75C598335F9A84139E5F609D18BC7D9C5AE357F880,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038582Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:29.480{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59208-false10.0.1.12-8000- 23542300x800000000000000038581Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:31.929{7BD73061-65B2-613B-1100-00000000F001}432NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=AD3B62695AFAA70E51C754FCAF711950,SHA256=E46E85690675DDCBCC5F67C2F968F55CC507AD9F8AA6241405DECF91D5C3E47F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038580Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:31.835{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=349E17324A17CD66CD23153217CA9C4D,SHA256=43946898A401F7A62D1BE8E15256F2EE25276659B8F195DBE6B1BD6DC7935BB5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038579Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:31.819{7BD73061-65B2-613B-1600-00000000F001}12966536C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2800-00000000F001}2860C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038578Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:31.819{7BD73061-65B2-613B-1600-00000000F001}12966536C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2800-00000000F001}2860C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038577Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:31.694{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2635DEDDBAE0A052621B460E5692F193,SHA256=D0B8AAD4387E2A588B728DEDF6C17717606BCFB8DF62A863EF3AC6AE9EF0B139,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038584Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:32.882{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=761D7D920801765377799927A6DCC58C,SHA256=8DF82E5A902195859B2E578157C4CBC04AC0017CBED36C374F4B2F68BDDD7F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038583Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:32.741{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B425EF95CB90752B37EA682DB93A54B1,SHA256=441EAEE9E2DBDC34DD56065103E694860E0A9EC4B53B959ABDDB260B948813D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013696Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8606FDE0E8766A59C74CF9BA0E53B80,SHA256=2F5D3201E7C57D2E3E23C6B69055D03667031A7824DC0930246E3A33B0F40048,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013695Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E38E0398E9AB7672BF538C5DA0CE751,SHA256=E05D4CAA794835D29788945591E1E537400F46E4ECA1FA37B434B2A76168F991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013694Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42732F28C98A526FCC5AE0C75970AC51,SHA256=C54BFAC955CB92744E1DB9122643A5B3EF87BB215B9FFBF254760194D856F5CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013693Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F14-613B-8F04-00000000F101}692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013692Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013691Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013690Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013689Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013688Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013687Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013686Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013685Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013684Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013683Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-67EC-613B-0500-00000000F101}412528C:\Windows\system32\csrss.exe{625C326B-6F14-613B-8F04-00000000F101}692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013682Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F14-613B-8F04-00000000F101}692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013681Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.864{625C326B-6F14-613B-8F04-00000000F101}692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013680Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.411{625C326B-6F14-613B-8E04-00000000F101}33002880C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013679Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F14-613B-8E04-00000000F101}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013678Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013677Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013676Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013675Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013674Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013673Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013672Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013671Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013670Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013669Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-67EC-613B-0500-00000000F101}4122740C:\Windows\system32\csrss.exe{625C326B-6F14-613B-8E04-00000000F101}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013668Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.192{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F14-613B-8E04-00000000F101}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013667Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:32.193{625C326B-6F14-613B-8E04-00000000F101}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038603Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.772{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4D198304E00986014CDF95A5BE9BC70,SHA256=F5C085667904BC4FEB6C8371CE3298DC3D308E6CA98FCEA46401A8A96EF08EA2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038602Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038601Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038600Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038599Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038598Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F15-613B-2907-00000000F001}6596C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038597Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-1600-00000000F001}12963256C:\Windows\system32\svchost.exe{7BD73061-6F15-613B-2907-00000000F001}6596C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a7a1|c:\windows\system32\UBPM.dll+fa34|c:\windows\system32\UBPM.dll+cdcc|c:\windows\system32\UBPM.dll+d395|c:\windows\system32\UBPM.dll+dc95|c:\windows\system32\UBPM.dll+e9dd|c:\windows\system32\UBPM.dll+e0a4|c:\windows\system32\UBPM.dll+11662|c:\windows\system32\EventAggregation.dll+3fae|c:\windows\system32\EventAggregation.dll+3ea1|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b55|C:\Windows\SYSTEM32\ntdll.dll+6585d|C:\Windows\SYSTEM32\ntdll.dll+656c0|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038596Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038595Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:33.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000038594Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000038593Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0024bf97) 13241300x800000000000000038592Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7a649-0xd8bf89cd) 13241300x800000000000000038591Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7a652-0x3a83f1cd) 13241300x800000000000000038590Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7a65a-0x9c4859cd) 13241300x800000000000000038589Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000038588Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0024bf97) 13241300x800000000000000038587Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7a649-0xd8ac043b) 13241300x800000000000000038586Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7a652-0x3a706c3b) 13241300x800000000000000038585Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-SetValue2021-09-10 14:43:33.304{7BD73061-65B0-613B-0B00-00000000F001}620C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7a65a-0x9c34d43b) 23542300x800000000000000038606Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:34.776{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC58D7D0B38FDFEC435CB90D27BA55F3,SHA256=7A1FAA7952F8B32F5343B58B4E66A1B4ED97294FCFDB6E074C6C62332DBA87BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013712Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.254{625C326B-6F16-613B-9004-00000000F101}34482224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013711Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013710Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013709Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F16-613B-9004-00000000F101}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013708Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013707Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013706Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013705Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013704Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013703Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013702Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013701Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-67EC-613B-0500-00000000F101}412528C:\Windows\system32\csrss.exe{625C326B-6F16-613B-9004-00000000F101}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013700Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.020{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F16-613B-9004-00000000F101}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013699Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.021{625C326B-6F16-613B-9004-00000000F101}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000013698Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.004{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D580B47E988AEC5356EAFD04BA115A0,SHA256=07D10991FD325EF3A746CCD522DAA5D493533E76ECB1A79F4A7DC1B97858E1B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013697Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:34.004{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8606FDE0E8766A59C74CF9BA0E53B80,SHA256=2F5D3201E7C57D2E3E23C6B69055D03667031A7824DC0930246E3A33B0F40048,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038605Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:34.569{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86A645946059A5DB53E6921640728726,SHA256=18390E733EB89FE0B3975CE358F5159CA13711CFCEFAD153BFF943191EB10172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038604Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:34.054{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8FD36E4F0F0470E480A631A04840B257,SHA256=38AD3F01980BF52B81B77FCAE836A0B939795E72C8116405BD17CF3241675F40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038608Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:35.866{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=172F1470D087FE6BBD8329DBBC72F31F,SHA256=D3412BE40A7C5BE3864ECC38DFA04A76F622514AC24BA3253638B2DD691F6DAC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013743Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.926{625C326B-6F17-613B-9204-00000000F101}39882560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013742Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F17-613B-9204-00000000F101}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013741Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013740Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013739Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013738Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013737Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013736Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013735Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013734Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013733Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013732Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-67EC-613B-0500-00000000F101}4122740C:\Windows\system32\csrss.exe{625C326B-6F17-613B-9204-00000000F101}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013731Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.676{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F17-613B-9204-00000000F101}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013730Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.677{625C326B-6F17-613B-9204-00000000F101}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013729Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.410{625C326B-6F17-613B-9104-00000000F101}38122828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013728Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F17-613B-9104-00000000F101}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013727Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013726Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013725Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013724Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013723Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013722Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013721Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013720Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013719Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013718Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-67EC-613B-0500-00000000F101}412428C:\Windows\system32\csrss.exe{625C326B-6F17-613B-9104-00000000F101}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013717Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.160{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F17-613B-9104-00000000F101}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013716Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.163{625C326B-6F17-613B-9104-00000000F101}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000013715Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:33.398{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50106-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013714Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.051{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BEE068098BE54651C976C387E32C9AA,SHA256=AC114E1D7BAF9CF5CB68D6D1F9A9212104A0FE5C1B33261BE61EA3AC2D82742A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013713Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:35.051{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E38CFAB1420A3761BCEF761AE911A4C6,SHA256=55EAD041D6CD2B55BD7D30B8C2303DF42953E3282524D254BF0747807127F1CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038607Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:35.007{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=EF2FE33DBD8E415EE4EF949575D73C14,SHA256=5522421ACCE3AA53FA061BA36DF5309EDFEC4EF2BDC96320D5BD0C05915FDC75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038610Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:36.882{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D6F70089FDF7599B8D4F9CA3EA7C9AB,SHA256=C9FFF9F1F06621B4FEC866E720333E623097D98DCE15A8B56378B32A8C716EF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013758Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.318{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5EC7605F1D632DC1C57C1E26E34DF7ED,SHA256=04AA42307478922CD60CFA74F85ACFF7EBF90773B3EDEF94FC8429A6C25EC185,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013757Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.318{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D991F2F6D3C29F797541F001A4124D9F,SHA256=FBC7BC24F6480E76578A84F4A75ACEC68ECC95B568EA9B7CA5BCCCAC66EB6091,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000013756Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-687A-613B-A800-00000000F101}32681184C:\Windows\system32\conhost.exe{625C326B-6F18-613B-9304-00000000F101}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013755Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013754Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013753Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013752Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013751Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013750Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013749Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013748Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013747Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67ED-613B-0C00-00000000F101}732764C:\Windows\system32\svchost.exe{625C326B-67EE-613B-1E00-00000000F101}1980C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000013746Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-67EC-613B-0500-00000000F101}412428C:\Windows\system32\csrss.exe{625C326B-6F18-613B-9304-00000000F101}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000013745Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.176{625C326B-6879-613B-A400-00000000F101}20043924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{625C326B-6F18-613B-9304-00000000F101}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000013744Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:36.177{625C326B-6F18-613B-9304-00000000F101}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{625C326B-67ED-613B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{625C326B-6879-613B-A400-00000000F101}2004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000038609Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:36.022{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=820F868437C1FFBDBCD865AC841A0037,SHA256=173A3B8F7BE35DF31F29C0CF9BFF7F41476B573B378A3B4AD048FFBE80D67AA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038613Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:37.944{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4CDA4BF06369DC8AFF261B9D438F39F,SHA256=5A946C5C134E5458DCC87D653E3E87B5EA9B7E974CB2E3C129C46F9EA17F024D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013760Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:37.223{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2293CD5FE97B773543554C88E6D29118,SHA256=75C78AC9199FD6E7D8FBDB53DEF5B6FC018BD71F26FF931143C636C917B51BE9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000038612Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:35.407{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59209-false10.0.1.12-8000- 23542300x800000000000000038611Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:37.085{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DC8C6406AB1C338CB55135A238435744,SHA256=3CE6BAB73FC24D89D7F9E767AC069247F2D56B110EB2D6F8B7B5DB7B832CABDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013759Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:37.207{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BFEE4A91CF5CA6964B4E1145674FB41F,SHA256=BA7158C6360C46FB1E77D833781BF6207AAF7A5C24AC913ED69290197193A89F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038615Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:38.960{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F810D4286C8330A50108C4E4AEC3A68,SHA256=0738A04FAAE8FA348CD9457C6D14BE3CEF61F81332255567F949EC4F297305C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013761Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:38.270{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87922532A288C0A182138688972026FF,SHA256=EC14F8BC6CEB8BAA66EEDFBE47200CC7D00C94036FF37EF9867398627AD94F43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038614Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:38.194{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0A6606F302ED7AA110A306B8703F3045,SHA256=160E64B8121BEC2F32D69D233D8DE89C427AEFEFD32B73DB3AD065A402EB8DB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038617Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:39.976{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37C0EABDB3DB1DD62BC445EF7E4ABBA9,SHA256=600DF2281EE3CE067F409B96276D2C4E91CA1287A66EEF06BE80D8D43845316C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038616Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:39.210{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=9F39E7720BCC6D7CF89DBF6A0AC5328B,SHA256=7052A6DD57753C524C79FCA482625B5F860C9E3A07681BB7D52734D079C432A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013762Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:39.364{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08D77B3376D754D757A664EC1361BA3A,SHA256=7FFC42310F51FB3DD28D400D23523E53C0B0C0EFFB6B49298A2D6B7ED0BE2648,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038619Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:40.991{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9990B1901AD5D075E0421670C3E0F0C1,SHA256=056691783D50A046907F2CD8E57307AFA3ABC41423E54643FCB540213AA914D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013764Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:40.379{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AD90BB9E5CD1F69A1DC40E3A0DF3B27,SHA256=381EB533E4355AE0B10695A3E4F7E4AA6FE86FBB89C1AB36CA87E617E6411363,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038618Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:40.320{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2C36C532B689F30535B010D072487BCA,SHA256=C6BBBD429DD5074DC1AF2FFEDCDC90BBCBE1E55EE6C87A688CD3A98B196C4049,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013763Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:38.476{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50107-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013765Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:41.395{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA0B40B51DCBDAC37057FCC2FD70ABFF,SHA256=A49C6D3E104909C215491A201504155F290131698F2E4CA6527C83BFC84DB22F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038622Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:41.524{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7F71D7A9053E4468461233898A498D31,SHA256=3F7F5364A855909CE8522EFF36985F432A5B4E86A10BD0D035D89F602A213FAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038621Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:41.524{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E6C00992039FC8C85754116579C9692,SHA256=F4325C5AA3FE39A475D2E7A9CFFECDB0D593576A20F34FDBAF82031DC1906054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038620Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:41.413{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DD23C1B4EAC9918C69E1178D79471F39,SHA256=D9E454555AE43F8A6FE6BD55C7E77FA5503376DFCD115EBA79BDE89F161DA80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013766Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:42.411{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55B78D3A79E176BCC8C4D23BC6417CD4,SHA256=477D05981F586DC79CACAC5028BC7FDFB2771F7A1A83DD24CBACFB4FE2B967BC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038728Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.975{7BD73061-6F1E-613B-4607-00000000F001}28165876C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-4507-00000000F001}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038727Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.975{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4607-00000000F001}2816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038726Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.960{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4507-00000000F001}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038725Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.960{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-4507-00000000F001}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038724Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.960{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-4307-00000000F001}5784c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038723Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.960{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-4307-00000000F001}5784c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038722Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.929{7BD73061-6F1E-613B-4407-00000000F001}14045064C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-4307-00000000F001}5784c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038721Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.913{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4407-00000000F001}1404C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038720Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.913{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4307-00000000F001}5784c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038719Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.913{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-4307-00000000F001}5784c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038718Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.897{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-4107-00000000F001}3436c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038717Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.897{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-4107-00000000F001}3436c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038716Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.882{7BD73061-6F1E-613B-4207-00000000F001}70285092C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-4107-00000000F001}3436c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038715Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.868{7BD73061-6F1E-613B-3F07-00000000F001}66245708C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3E07-00000000F001}3832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038714Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.868{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4207-00000000F001}7028C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038713Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.868{7BD73061-6F1E-613B-4007-00000000F001}70245644C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3D07-00000000F001}5296C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038712Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4107-00000000F001}3436c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038711Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-4107-00000000F001}3436c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038710Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-4007-00000000F001}7024C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038709Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3F07-00000000F001}6624C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038708Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038707Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038706Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038705Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038704Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3E07-00000000F001}3832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038703Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-6F1E-613B-2C07-00000000F001}6356848C:\Windows\system32\taskhostw.exe{7BD73061-6F1E-613B-3E07-00000000F001}3832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c01b0|UNKNOWN(00007FF8E4D615F2) 154100x800000000000000038702Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.854{7BD73061-6F1E-613B-3E07-00000000F001}3832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:712C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=D2DDF021EE6A8A649FB58F6DD05EDED7,SHA256=AC1B312B5D048DAC81327CF083BDEF2966AA883208455490E73D6E34C932B7D9,IMPHASH=00000000000000000000000000000000{7BD73061-6F1E-613B-2C07-00000000F001}6356C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWide 10341000x800000000000000038701Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038700Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038699Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038698Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038697Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3D07-00000000F001}5296C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038696Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-6F1E-613B-2C07-00000000F001}63564904C:\Windows\system32\taskhostw.exe{7BD73061-6F1E-613B-3D07-00000000F001}5296C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c01b0|UNKNOWN(00007FF8E4D615F2) 154100x800000000000000038695Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.851{7BD73061-6F1E-613B-3D07-00000000F001}5296C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:876C:\Windows\system32\NT AUTHORITY\SYSTEM{7BD73061-65B0-613B-E703-000000000000}0x3e70SystemMD5=196F531423F864F990B24F3D3AFA9AA1,SHA256=353C8C617C87A56F93C9914E219BE4E30A45A0DEA8D98BF34C6BD81A6A287916,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{7BD73061-6F1E-613B-2C07-00000000F001}6356C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWide 10341000x800000000000000038694Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.835{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3B07-00000000F001}4708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038693Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.835{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3B07-00000000F001}4708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038692Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.819{7BD73061-6F1E-613B-3C07-00000000F001}22805300C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3B07-00000000F001}4708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038691Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.804{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3C07-00000000F001}2280C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038690Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.804{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3B07-00000000F001}4708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038689Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.804{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-3B07-00000000F001}4708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038688Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.788{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3907-00000000F001}476c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038687Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.788{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3907-00000000F001}476c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038686Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.788{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=307E92BB931E79D4FB3B65EDB083EE93,SHA256=4E5076558AD1AE6097DC610CB3D994D59BCFE56F12B580CDEB69DFB164DC8F8D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038685Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.772{7BD73061-6F1E-613B-3A07-00000000F001}69925312C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3907-00000000F001}476c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038684Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.772{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3A07-00000000F001}6992C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038683Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.757{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3907-00000000F001}476c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038682Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.757{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-3907-00000000F001}476c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038681Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.757{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3707-00000000F001}6584c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038680Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.757{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3707-00000000F001}6584c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038679Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.725{7BD73061-6F1E-613B-3807-00000000F001}68683244C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3707-00000000F001}6584c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038678Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.725{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3807-00000000F001}6868C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038677Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.694{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3707-00000000F001}6584c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038676Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.694{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-3707-00000000F001}6584c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038675Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.679{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3507-00000000F001}5488c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038674Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.679{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3507-00000000F001}5488c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038673Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.663{7BD73061-6F1E-613B-3607-00000000F001}51725512C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3507-00000000F001}5488c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038672Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.647{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3607-00000000F001}5172C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038671Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.647{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3507-00000000F001}5488c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038670Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.647{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-3507-00000000F001}5488c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038669Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.632{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3307-00000000F001}5152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038668Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.632{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3307-00000000F001}5152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038667Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.601{7BD73061-6F1E-613B-3407-00000000F001}52406388C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3307-00000000F001}5152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038666Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.585{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3407-00000000F001}5240C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038665Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.569{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3307-00000000F001}5152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038664Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.569{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-3307-00000000F001}5152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038663Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.554{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3107-00000000F001}6336c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038662Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.554{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-3107-00000000F001}6336c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038661Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.522{7BD73061-6F1E-613B-3207-00000000F001}31241372C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-3107-00000000F001}6336c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038660Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.522{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3207-00000000F001}3124C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038659Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.507{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3107-00000000F001}6336c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038658Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.507{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-3107-00000000F001}6336c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038657Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.491{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-2F07-00000000F001}7076c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038656Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.491{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-2F07-00000000F001}7076c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038655Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.460{7BD73061-6F1E-613B-3007-00000000F001}44241640C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-2F07-00000000F001}7076c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038654Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.444{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-3007-00000000F001}4424C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038653Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.444{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-2F07-00000000F001}7076c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038652Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.444{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-2F07-00000000F001}7076c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038651Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038650Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.444{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038649Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.429{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=796D4DF4F624DE961A2EF495B95C37F0,SHA256=6BFE15C802D4028F2DCA475BDE237273A55D9D084A0DEEFBFD6018C0984A6C53,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038648Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.413{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-2D07-00000000F001}4120c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038647Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.413{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-2D07-00000000F001}4120c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000038646Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:40.538{7BD73061-6658-613B-DE00-00000000F001}3980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-387.attackrange.local59210-false10.0.1.12-8000- 10341000x800000000000000038645Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.366{7BD73061-6F1E-613B-2E07-00000000F001}22404288C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-2D07-00000000F001}4120c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038644Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.351{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-2E07-00000000F001}2240C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038643Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-2D07-00000000F001}4120c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038642Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-2D07-00000000F001}4120c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038641Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038640Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038639Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038638Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65BF-613B-2C00-00000000F001}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038637Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038636Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.335{7BD73061-65B2-613B-0C00-00000000F001}8363936C:\Windows\system32\svchost.exe{7BD73061-65B2-613B-1600-00000000F001}1296C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038635Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.304{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-2A07-00000000F001}5916c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038634Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.304{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-2A07-00000000F001}5916c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038633Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.241{7BD73061-6F1E-613B-2B07-00000000F001}62005544C:\Windows\system32\conhost.exe{7BD73061-6F1E-613B-2A07-00000000F001}5916c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038632Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.194{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-2B07-00000000F001}6200C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038631Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.163{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1E-613B-2A07-00000000F001}5916c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038630Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.163{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1E-613B-2A07-00000000F001}5916c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000038629Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.163{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIE227.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 23542300x800000000000000038628Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.147{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=764CB91077D28BB9FE5BB11D99B2EAB7,SHA256=6992A633EB6F51EF1D6374728BCD26E9EB2D58A4F7304AFEA59D8E2B5A6C7040,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038627Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.132{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFF5BA49B94BF0EA81.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000038626Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.132{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFAA8C4C528D4424C5.TMPMD5=FAAE370EF628456540A38FE31604EC41,SHA256=4C64E11146D1CD962DCF3554F0F986E2DB9D7944C037FC4AEF0F94AC5A1818C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038625Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.116{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF41CFE46C02D30252.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000038624Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.116{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFC4523F9E2B047DDB.TMPMD5=FAAE370EF628456540A38FE31604EC41,SHA256=4C64E11146D1CD962DCF3554F0F986E2DB9D7944C037FC4AEF0F94AC5A1818C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000038623Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:42.116{7BD73061-6E8E-613B-1107-00000000F001}4116NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIB5DE.tmpMD5=ED87082EC137E670EAEC047EE76B0F67,SHA256=AA5F75E874B7E647FA3EEC96709140749D50DBB4205B5CC5B38E7BB965F4E00B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013767Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:43.426{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00EDEFD9EEF9E23CBF32A4B18D044F59,SHA256=3B6AD7DFBB17DF6AA08AF69C0C69531CE218D72AD6C52A123D2DEF9B22B04371,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038889Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.991{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7707-00000000F001}6024c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038888Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.991{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7707-00000000F001}6024c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038887Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.975{7BD73061-6F1F-613B-7807-00000000F001}67444676C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-7707-00000000F001}6024c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038886Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.960{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7807-00000000F001}6744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038885Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.960{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7707-00000000F001}6024c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038884Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.960{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-7707-00000000F001}6024c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038883Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.944{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7507-00000000F001}5488c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038882Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.944{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7507-00000000F001}5488c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038881Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.929{7BD73061-6F1F-613B-7607-00000000F001}55804364C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-7507-00000000F001}5488c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038880Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.929{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7607-00000000F001}5580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038879Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.913{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7507-00000000F001}5488c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038878Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.913{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-7507-00000000F001}5488c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038877Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.913{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7307-00000000F001}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038876Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.913{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7307-00000000F001}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038875Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.913{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA914D5D673DEC63FAD1C2533175BF8A,SHA256=6854DE86341B237E6BE76EAD28E048647B93EA2FFFA5E03EEC9A0EA12DD8B3AF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038874Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.897{7BD73061-6F1F-613B-7407-00000000F001}59484028C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-7307-00000000F001}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038873Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.882{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7407-00000000F001}5948C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038872Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.882{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7307-00000000F001}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038871Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.882{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-7307-00000000F001}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038870Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.866{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7107-00000000F001}1380c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038869Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.866{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-7107-00000000F001}1380c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038868Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.850{7BD73061-6F1F-613B-7207-00000000F001}54242380C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-7107-00000000F001}1380c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038867Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.850{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7207-00000000F001}5424C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038866Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.835{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7107-00000000F001}1380c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038865Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.835{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-7107-00000000F001}1380c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038864Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.835{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6F07-00000000F001}6948c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038863Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.835{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6F07-00000000F001}6948c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038862Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.819{7BD73061-6F1F-613B-7007-00000000F001}62241012C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6F07-00000000F001}6948c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038861Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.804{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-7007-00000000F001}6224C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038860Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.804{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6F07-00000000F001}6948c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038859Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.804{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6F07-00000000F001}6948c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038858Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.788{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6D07-00000000F001}5640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038857Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.788{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6D07-00000000F001}5640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038856Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.772{7BD73061-6F1F-613B-6E07-00000000F001}63841940C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6D07-00000000F001}5640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038855Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.772{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6E07-00000000F001}6384C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038854Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.757{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6D07-00000000F001}5640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038853Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.757{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6D07-00000000F001}5640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038852Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.757{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6B07-00000000F001}6516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038851Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.757{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6B07-00000000F001}6516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038850Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.725{7BD73061-6F1F-613B-6C07-00000000F001}59166380C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6B07-00000000F001}6516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038849Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.725{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6C07-00000000F001}5916C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038848Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.725{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6B07-00000000F001}6516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038847Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.725{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6B07-00000000F001}6516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038846Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.710{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6907-00000000F001}5696c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038845Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.710{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6907-00000000F001}5696c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038844Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.694{7BD73061-6F1F-613B-6A07-00000000F001}69846348C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6907-00000000F001}5696c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038843Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.679{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6A07-00000000F001}6984C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038842Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.679{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6907-00000000F001}5696c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038841Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.679{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6907-00000000F001}5696c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038840Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.663{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6707-00000000F001}5944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038839Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.663{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6707-00000000F001}5944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038838Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.647{7BD73061-6F1F-613B-6807-00000000F001}52167004C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6707-00000000F001}5944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038837Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.647{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6807-00000000F001}5216C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038836Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.647{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6707-00000000F001}5944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038835Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.647{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6707-00000000F001}5944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038834Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.632{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6507-00000000F001}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038833Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.632{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6507-00000000F001}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038832Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.616{7BD73061-6F1F-613B-6607-00000000F001}5176348C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6507-00000000F001}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038831Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.600{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6607-00000000F001}5176C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038830Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.600{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6507-00000000F001}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038829Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.600{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6507-00000000F001}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038828Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.585{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6307-00000000F001}5508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038827Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.585{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6307-00000000F001}5508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038826Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.569{7BD73061-6F1F-613B-6407-00000000F001}62645900C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6307-00000000F001}5508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038825Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.569{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6407-00000000F001}6264C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038824Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.569{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6307-00000000F001}5508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038823Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.569{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6307-00000000F001}5508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038822Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.554{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6107-00000000F001}6140c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038821Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.554{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-6107-00000000F001}6140c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038820Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.554{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D70ECD1368D9E05ED4E700AEC1F6490,SHA256=666434E54023684770283D6B58750D9E2790CEA88569DF2893B7D99C1FB5F155,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038819Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.538{7BD73061-6F1F-613B-6207-00000000F001}63723420C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-6107-00000000F001}6140c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038818Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.522{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6207-00000000F001}6372C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038817Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.522{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6107-00000000F001}6140c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038816Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.522{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-6107-00000000F001}6140c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038815Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.507{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5F07-00000000F001}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038814Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.507{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5F07-00000000F001}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038813Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.491{7BD73061-6F1F-613B-6007-00000000F001}51606352C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5F07-00000000F001}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038812Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.491{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-6007-00000000F001}5160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038811Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.475{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5F07-00000000F001}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038810Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.475{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5F07-00000000F001}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038809Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.475{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5D07-00000000F001}5524c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038808Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.475{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5D07-00000000F001}5524c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038807Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.460{7BD73061-6F1F-613B-5E07-00000000F001}53445320C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5D07-00000000F001}5524c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038806Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.444{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5E07-00000000F001}5344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038805Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.444{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5D07-00000000F001}5524c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038804Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.444{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5D07-00000000F001}5524c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038803Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.429{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5B07-00000000F001}1032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038802Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.429{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5B07-00000000F001}1032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038801Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.413{7BD73061-6F1F-613B-5C07-00000000F001}62606208C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5B07-00000000F001}1032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038800Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.413{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5C07-00000000F001}6260C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038799Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.397{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5B07-00000000F001}1032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038798Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.397{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5B07-00000000F001}1032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038797Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.397{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5907-00000000F001}6896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038796Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.397{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5907-00000000F001}6896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038795Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.382{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5807-00000000F001}5604C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038794Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.382{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5807-00000000F001}5604C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038793Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.382{7BD73061-6F1F-613B-5A07-00000000F001}55566920C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5907-00000000F001}6896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038792Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.366{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5A07-00000000F001}5556C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038791Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.366{7BD73061-6F1E-613B-4007-00000000F001}70245644C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5807-00000000F001}5604C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038790Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.366{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5907-00000000F001}6896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038789Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.366{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5907-00000000F001}6896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038788Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.351{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5807-00000000F001}5604C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038787Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.351{7BD73061-6F1E-613B-3D07-00000000F001}52962756C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{7BD73061-6F1F-613B-5807-00000000F001}5604C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+3d7ae(wow64)|UNKNOWN(0000000000FE4853)|UNKNOWN(0000000000FE4504)|UNKNOWN(0000000000FE2103)|UNKNOWN(0000000000FE0F66)|UNKNOWN(0000000000FE0950)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+185eb(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+199407(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1bb96a(wow64) 10341000x800000000000000038786Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.351{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5607-00000000F001}1344c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038785Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.351{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5607-00000000F001}1344c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038784Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.335{7BD73061-6F1F-613B-5707-00000000F001}12245584C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5607-00000000F001}1344c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038783Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.319{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5707-00000000F001}1224C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038782Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.319{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5607-00000000F001}1344c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038781Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.319{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5607-00000000F001}1344c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038780Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.319{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5407-00000000F001}6804c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038779Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.319{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5407-00000000F001}6804c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038778Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.288{7BD73061-6F1F-613B-5507-00000000F001}57726148C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5407-00000000F001}6804c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038777Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.288{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5507-00000000F001}5772C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038776Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.272{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5407-00000000F001}6804c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038775Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.272{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5407-00000000F001}6804c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038774Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.272{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5207-00000000F001}6772c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038773Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.272{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5207-00000000F001}6772c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038772Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.257{7BD73061-6F1F-613B-5307-00000000F001}25965912C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5207-00000000F001}6772c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038771Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.241{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5307-00000000F001}2596C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038770Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.241{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5207-00000000F001}6772c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038769Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.241{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5207-00000000F001}6772c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038768Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.225{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5007-00000000F001}6824c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038767Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.225{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-5007-00000000F001}6824c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038766Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.210{7BD73061-6F1F-613B-5107-00000000F001}16606640C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-5007-00000000F001}6824c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038765Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.210{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5107-00000000F001}1660C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038764Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.194{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-5007-00000000F001}6824c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038763Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.194{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-5007-00000000F001}6824c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038762Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.194{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4E07-00000000F001}1092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038761Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.194{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4E07-00000000F001}1092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038760Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.194{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7F71D7A9053E4468461233898A498D31,SHA256=3F7F5364A855909CE8522EFF36985F432A5B4E86A10BD0D035D89F602A213FAB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038759Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.163{7BD73061-6F1F-613B-4F07-00000000F001}5806828C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-4E07-00000000F001}1092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038758Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.163{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3F81EFC57CC799A0B7A70F702857805,SHA256=9E891B8DE354495A5D2E3C4314AB9C4A6E20C534D5066A864B86B8DBD836BA17,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038757Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.163{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4F07-00000000F001}580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038756Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.163{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4E07-00000000F001}1092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038755Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.163{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-4E07-00000000F001}1092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038754Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.147{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4C07-00000000F001}4988c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038753Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.147{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4C07-00000000F001}4988c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038752Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.132{7BD73061-6F1F-613B-4D07-00000000F001}51846152C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-4C07-00000000F001}4988c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038751Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.132{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B800A873EAD04C9DCFB85F87810988,SHA256=5B46AC390C92A9FD06481034F03E2F7DB6D119084AAEB35028BB91605D23C3E0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038750Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.116{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4D07-00000000F001}5184C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038749Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.116{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4C07-00000000F001}4988c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038748Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.116{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-4C07-00000000F001}4988c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038747Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.100{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4A07-00000000F001}6928c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038746Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.100{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4A07-00000000F001}6928c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038745Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.085{7BD73061-6F1F-613B-4B07-00000000F001}71003876C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-4A07-00000000F001}6928c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038744Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.069{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4907-00000000F001}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038743Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.069{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4907-00000000F001}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038742Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.069{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4B07-00000000F001}7100C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038741Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.069{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4A07-00000000F001}6928c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038740Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.069{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-4A07-00000000F001}6928c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038739Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.054{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4707-00000000F001}2632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038738Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.054{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F1F-613B-4707-00000000F001}2632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038737Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.054{7BD73061-6F1E-613B-3F07-00000000F001}66245708C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-4907-00000000F001}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038736Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.054{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4907-00000000F001}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038735Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.054{7BD73061-6F1E-613B-3E07-00000000F001}38321644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{7BD73061-6F1F-613B-4907-00000000F001}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+35491|UNKNOWN(00007FF8E4D75A07) 10341000x800000000000000038734Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.023{7BD73061-6F1F-613B-4807-00000000F001}57645504C:\Windows\system32\conhost.exe{7BD73061-6F1F-613B-4707-00000000F001}2632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038733Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.023{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4807-00000000F001}5764C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038732Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.007{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F1F-613B-4707-00000000F001}2632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038731Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.007{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F1F-613B-4707-00000000F001}2632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038730Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.007{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-4507-00000000F001}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038729Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.007{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F1E-613B-4507-00000000F001}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000013768Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:44.442{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FB95FA2BD98DD308FF4C984C5DDD71D,SHA256=EF9940A1ABB0B2E0C121BC4C8CB2B32E6115729A532327031C898C81501734F7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039049Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.991{7BD73061-6F20-613B-AC07-00000000F001}64366224C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-AB07-00000000F001}1368c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039048Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.975{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-AC07-00000000F001}6436C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039047Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.975{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-AB07-00000000F001}1368c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039046Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.975{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-AB07-00000000F001}1368c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039045Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.975{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A907-00000000F001}4120c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039044Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.975{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A907-00000000F001}4120c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039043Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.944{7BD73061-6F20-613B-AA07-00000000F001}56406536C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-A907-00000000F001}4120c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039042Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.944{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-AA07-00000000F001}5640C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039041Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.944{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A907-00000000F001}4120c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039040Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.928{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-A907-00000000F001}4120c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039039Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.928{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A707-00000000F001}6200c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039038Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.928{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A707-00000000F001}6200c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039037Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.917{7BD73061-6F20-613B-A807-00000000F001}6516608C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-A707-00000000F001}6200c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039036Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.916{7BD73061-65BF-613B-2900-00000000F001}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-044adde96bd54cffd\channels\health\respondent-20210910140346-038MD5=0ECBD96D4C8EFA762750D80ED755F871,SHA256=884DCF4CAE7DADA9980CDF8B8E62499F900EF27E1E36C36938E27750A8EC29B2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039035Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.899{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A807-00000000F001}6516C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039034Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.899{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A707-00000000F001}6200c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039033Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.899{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-A707-00000000F001}6200c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039032Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.883{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A507-00000000F001}5976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039031Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.883{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A507-00000000F001}5976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039030Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.883{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=359B53677BF164D4841F9AEE34A010B2,SHA256=FBBF2612F0551D317E2C26ECFAEA42A15976BD512CD50808F8401122B4DC25F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039029Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.867{7BD73061-6F20-613B-A607-00000000F001}56962244C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-A507-00000000F001}5976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039028Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.867{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A607-00000000F001}5696C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039027Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.852{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A507-00000000F001}5976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039026Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.852{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-A507-00000000F001}5976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039025Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.852{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A307-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039024Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.852{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A307-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039023Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.836{7BD73061-6F20-613B-A407-00000000F001}63325968C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-A307-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039022Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.820{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A407-00000000F001}6332C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039021Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.820{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A307-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039020Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.820{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-A307-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039019Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.805{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A107-00000000F001}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039018Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.805{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-A107-00000000F001}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039017Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.789{7BD73061-6F20-613B-A207-00000000F001}69005940C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-A107-00000000F001}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039016Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.789{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A207-00000000F001}6900C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039015Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.774{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A107-00000000F001}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039014Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.774{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-A107-00000000F001}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039013Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.774{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9F07-00000000F001}6364c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039012Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.774{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9F07-00000000F001}6364c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039011Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.758{7BD73061-6F20-613B-A007-00000000F001}23281056C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9F07-00000000F001}6364c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039010Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.742{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-A007-00000000F001}2328C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039009Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.742{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9F07-00000000F001}6364c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039008Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.742{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9F07-00000000F001}6364c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039007Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.727{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9D07-00000000F001}5672c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039006Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.727{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9D07-00000000F001}5672c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039005Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.711{7BD73061-6F20-613B-9E07-00000000F001}63244164C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9D07-00000000F001}5672c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039004Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.711{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9E07-00000000F001}6324C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039003Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.695{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9D07-00000000F001}5672c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039002Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.695{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9D07-00000000F001}5672c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039001Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.695{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9B07-00000000F001}1020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039000Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.695{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9B07-00000000F001}1020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038999Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.680{7BD73061-6F20-613B-9C07-00000000F001}58161916C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9B07-00000000F001}1020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038998Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.664{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9C07-00000000F001}5816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038997Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.664{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9B07-00000000F001}1020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038996Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.664{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9B07-00000000F001}1020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038995Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.664{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9907-00000000F001}6872c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038994Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.664{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9907-00000000F001}6872c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038993Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.633{7BD73061-6F20-613B-9A07-00000000F001}55247116C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9907-00000000F001}6872c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038992Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.633{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9A07-00000000F001}5524C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038991Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.633{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9907-00000000F001}6872c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038990Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.617{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9907-00000000F001}6872c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038989Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.617{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9707-00000000F001}1272c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038988Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.617{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9707-00000000F001}1272c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038987Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.602{7BD73061-6F20-613B-9807-00000000F001}62083428C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9707-00000000F001}1272c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038986Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.586{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9807-00000000F001}6208C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038985Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.586{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9707-00000000F001}1272c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038984Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.586{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9707-00000000F001}1272c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038983Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.586{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9507-00000000F001}7040c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038982Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.586{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9507-00000000F001}7040c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038981Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.555{7BD73061-6F20-613B-9607-00000000F001}69206924C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9507-00000000F001}7040c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038980Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.555{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9607-00000000F001}6920C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038979Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.555{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9507-00000000F001}7040c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038978Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.555{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9507-00000000F001}7040c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038977Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.539{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9307-00000000F001}1224c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038976Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.539{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9307-00000000F001}1224c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038975Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.524{7BD73061-6F20-613B-9407-00000000F001}11405168C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9307-00000000F001}1224c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038974Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.524{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7F8C03160313694EEAE32BAF149142B,SHA256=C94DB5BCDACCC7AD30659D74778793936E89D7191324D61B6C47C09B04149B65,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038973Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.508{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9407-00000000F001}1140C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038972Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.508{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9307-00000000F001}1224c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038971Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.508{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9307-00000000F001}1224c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038970Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.508{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9107-00000000F001}6148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038969Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.508{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-9107-00000000F001}6148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038968Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.477{7BD73061-6F20-613B-9207-00000000F001}62807032C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-9107-00000000F001}6148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038967Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.477{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9207-00000000F001}6280C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038966Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.477{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9107-00000000F001}6148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038965Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.477{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-9107-00000000F001}6148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038964Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.461{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8F07-00000000F001}5912c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038963Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.461{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8F07-00000000F001}5912c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038962Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.445{7BD73061-6F20-613B-9007-00000000F001}65126360C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8F07-00000000F001}5912c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038961Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.430{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-9007-00000000F001}6512C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038960Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.430{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8F07-00000000F001}5912c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038959Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.430{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8F07-00000000F001}5912c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038958Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.430{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8D07-00000000F001}6640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038957Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.430{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8D07-00000000F001}6640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038956Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.397{7BD73061-6F20-613B-8E07-00000000F001}61684964C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8D07-00000000F001}6640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038955Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.397{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8E07-00000000F001}6168C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038954Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.397{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8D07-00000000F001}6640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038953Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.397{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8D07-00000000F001}6640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038952Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.382{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8B07-00000000F001}6828c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038951Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.382{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8B07-00000000F001}6828c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038950Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.366{7BD73061-6F20-613B-8C07-00000000F001}63084312C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8B07-00000000F001}6828c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038949Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.366{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8C07-00000000F001}6308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038948Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.350{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8B07-00000000F001}6828c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038947Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.350{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8B07-00000000F001}6828c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038946Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.350{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8907-00000000F001}5476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038945Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.350{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8907-00000000F001}5476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038944Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.319{7BD73061-6F20-613B-8A07-00000000F001}19245336C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8907-00000000F001}5476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038943Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.319{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8A07-00000000F001}1924C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000038942Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.319{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9200520942C64A23C4C035582619BC6B,SHA256=E93138ACEC64F7B6C7FE3BE824732FDCCEEB293F060733D8631A313C5D7C607D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038941Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.304{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8907-00000000F001}5476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038940Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.304{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8907-00000000F001}5476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038939Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.304{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8707-00000000F001}6988c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038938Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.304{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8707-00000000F001}6988c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038937Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.288{7BD73061-6F20-613B-8807-00000000F001}67364988C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8707-00000000F001}6988c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038936Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.272{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8807-00000000F001}6736C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038935Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.272{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8707-00000000F001}6988c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038934Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.272{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8707-00000000F001}6988c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038933Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.272{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8507-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038932Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.272{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8507-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038931Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.241{7BD73061-6F20-613B-8607-00000000F001}57206928C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8507-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038930Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.241{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8607-00000000F001}5720C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038929Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.225{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8507-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038928Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.225{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8507-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038927Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.225{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8307-00000000F001}7092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038926Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.225{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8307-00000000F001}7092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038925Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.210{7BD73061-6F20-613B-8407-00000000F001}15766652C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8307-00000000F001}7092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038924Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.194{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8407-00000000F001}1576C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038923Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.194{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8307-00000000F001}7092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038922Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.194{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8307-00000000F001}7092c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000038921Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.194{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11DF7A06DC8B06AF2AEB54A9E166842E,SHA256=775AEC012178DFF8FF434A505D525B1B2998342F7378358C1406F6D68A275293,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038920Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.194{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8107-00000000F001}3152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038919Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.194{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-8107-00000000F001}3152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038918Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.163{7BD73061-6F20-613B-8207-00000000F001}59046252C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-8107-00000000F001}3152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038917Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.163{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8207-00000000F001}5904C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038916Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.163{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8107-00000000F001}3152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038915Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.147{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-8107-00000000F001}3152c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038914Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.147{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7F07-00000000F001}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038913Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.147{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7F07-00000000F001}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038912Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.132{7BD73061-6F20-613B-8007-00000000F001}48083340C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-7F07-00000000F001}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000038911Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.132{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09A515905A94051E82296375AA731C17,SHA256=DFE45EABCFF196570F75C3ACB620B481B9B8AEB3FABE7F4A4A4E932274F029D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000038910Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.116{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-8007-00000000F001}4808C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038909Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.116{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7F07-00000000F001}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038908Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.116{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-7F07-00000000F001}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038907Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.100{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7D07-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038906Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.100{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7D07-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038905Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.085{7BD73061-6F20-613B-7E07-00000000F001}39325092C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-7D07-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038904Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.085{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7E07-00000000F001}3932C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038903Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.069{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7D07-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038902Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.069{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-7D07-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038901Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.069{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7B07-00000000F001}4740c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038900Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.069{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7B07-00000000F001}4740c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038899Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.054{7BD73061-6F20-613B-7C07-00000000F001}2768912C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-7B07-00000000F001}4740c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038898Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.038{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7C07-00000000F001}2768C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038897Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.038{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7B07-00000000F001}4740c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038896Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.038{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-7B07-00000000F001}4740c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038895Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.022{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7907-00000000F001}5312c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038894Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.022{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-7907-00000000F001}5312c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038893Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.007{7BD73061-6F20-613B-7A07-00000000F001}4766796C:\Windows\system32\conhost.exe{7BD73061-6F20-613B-7907-00000000F001}5312c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000038892Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:44.007{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7A07-00000000F001}476C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038891Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.991{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F20-613B-7907-00000000F001}5312c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000038890Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:43.991{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F20-613B-7907-00000000F001}5312c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000013769Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:45.457{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5B4D85E8BCF2EAFFD99793AE7B90FED,SHA256=B8DA89065749DE451E81270139FC36891B2BFC7056AADE45F528F8F28B5D4182,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039194Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.988{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D907-00000000F001}6268c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039193Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.988{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D907-00000000F001}6268c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039192Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.957{7BD73061-6F21-613B-DA07-00000000F001}34206324C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-D907-00000000F001}6268c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039191Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.957{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-DA07-00000000F001}3420C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039190Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.942{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D907-00000000F001}6268c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039189Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.942{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-D907-00000000F001}6268c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039188Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.942{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D707-00000000F001}5116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039187Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.942{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D707-00000000F001}5116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039186Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.928{7BD73061-65BF-613B-2900-00000000F001}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-044adde96bd54cffd\channels\health\surveyor-20210910140344-039MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039185Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.913{7BD73061-6F21-613B-D807-00000000F001}51605816C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-D707-00000000F001}5116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039184Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.913{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D807-00000000F001}5160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039183Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.913{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D707-00000000F001}5116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039182Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.913{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-D707-00000000F001}5116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039181Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.897{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D507-00000000F001}6596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039180Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.897{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D507-00000000F001}6596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039179Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.881{7BD73061-6F21-613B-D607-00000000F001}42245524C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-D507-00000000F001}6596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039178Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.866{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D607-00000000F001}4224C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039177Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.866{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D507-00000000F001}6596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039176Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.866{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-D507-00000000F001}6596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039175Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.850{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D307-00000000F001}5332c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039174Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.850{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D307-00000000F001}5332c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039173Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.835{7BD73061-6F21-613B-D407-00000000F001}51806208C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-D307-00000000F001}5332c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039172Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.835{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D407-00000000F001}5180C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039171Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.819{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D307-00000000F001}5332c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039170Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.819{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-D307-00000000F001}5332c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039169Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.819{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D107-00000000F001}3816c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039168Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.819{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-D107-00000000F001}3816c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039167Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.803{7BD73061-6F21-613B-D207-00000000F001}53406920C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-D107-00000000F001}3816c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039166Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.788{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D207-00000000F001}5340C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039165Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.788{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D107-00000000F001}3816c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039164Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.788{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-D107-00000000F001}3816c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039163Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.772{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-CF07-00000000F001}6884c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039162Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.772{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-CF07-00000000F001}6884c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039161Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.756{7BD73061-6F21-613B-D007-00000000F001}10165168C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-CF07-00000000F001}6884c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039160Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.756{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33AF935E924B4D1F8ADFA54D935B0741,SHA256=C2A96B2F5D9E5CA93C853BA5FC5E94E650420D435A6BE1AEA75E42A032F776DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039159Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.741{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-D007-00000000F001}1016C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039158Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.741{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-CF07-00000000F001}6884c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039157Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.741{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-CF07-00000000F001}6884c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039156Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.725{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-CD07-00000000F001}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039155Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.725{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-CD07-00000000F001}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039154Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.710{7BD73061-6F21-613B-CE07-00000000F001}23125584C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-CD07-00000000F001}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039153Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.710{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-CE07-00000000F001}2312C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039152Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.694{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-CD07-00000000F001}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039151Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.694{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-CD07-00000000F001}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039150Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.694{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-CB07-00000000F001}7152c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039149Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.694{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-CB07-00000000F001}7152c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039148Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.678{7BD73061-6F21-613B-CC07-00000000F001}55721008C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-CB07-00000000F001}7152c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039147Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.663{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-CC07-00000000F001}5572C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039146Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.663{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-CB07-00000000F001}7152c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039145Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.663{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-CB07-00000000F001}7152c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039144Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.647{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C907-00000000F001}6704c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039143Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.647{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C907-00000000F001}6704c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039142Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.631{7BD73061-6F21-613B-CA07-00000000F001}70844964C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-C907-00000000F001}6704c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039141Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.616{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-CA07-00000000F001}7084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039140Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.600{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C907-00000000F001}6704c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039139Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.600{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-C907-00000000F001}6704c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039138Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.585{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C707-00000000F001}6212c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039137Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.585{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C707-00000000F001}6212c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039136Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.569{7BD73061-6F21-613B-C807-00000000F001}68164312C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-C707-00000000F001}6212c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039135Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.569{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C807-00000000F001}6816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039134Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.553{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C707-00000000F001}6212c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039133Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.553{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-C707-00000000F001}6212c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039132Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.538{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C507-00000000F001}1092c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039131Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.538{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C507-00000000F001}1092c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039130Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.522{7BD73061-6F21-613B-C607-00000000F001}62285476C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-C507-00000000F001}1092c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039129Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.522{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C607-00000000F001}6228C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039128Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.506{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C507-00000000F001}1092c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039127Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.506{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-C507-00000000F001}1092c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039126Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.491{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C307-00000000F001}5184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039125Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.491{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C307-00000000F001}5184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039124Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.475{7BD73061-6F21-613B-C407-00000000F001}57924988C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-C307-00000000F001}5184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039123Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.475{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C407-00000000F001}5792C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039122Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.475{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C307-00000000F001}5184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039121Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.475{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-C307-00000000F001}5184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039120Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.460{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C107-00000000F001}3876c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039119Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.460{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-C107-00000000F001}3876c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039118Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.444{7BD73061-6F21-613B-C207-00000000F001}46525720C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-C107-00000000F001}3876c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039117Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.428{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C207-00000000F001}4652C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039116Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.428{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C107-00000000F001}3876c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039115Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.428{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-C107-00000000F001}3876c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039114Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.413{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-BF07-00000000F001}6672c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039113Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.413{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-BF07-00000000F001}6672c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039112Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.397{7BD73061-6F21-613B-C007-00000000F001}57641576C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-BF07-00000000F001}6672c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039111Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.397{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-C007-00000000F001}5764C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000039110Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.397{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=077A0A8281E15AECD787CE1203991FAE,SHA256=47EA3E4DA8E3364A31453BD1B34097D0C97222C102C18E1B1424DE58DFE59E0F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039109Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.381{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-BF07-00000000F001}6672c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039108Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.381{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-BF07-00000000F001}6672c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039107Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.381{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-BD07-00000000F001}6548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039106Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.381{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-BD07-00000000F001}6548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039105Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.350{7BD73061-6F21-613B-BE07-00000000F001}28166252C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-BD07-00000000F001}6548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039104Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.350{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-BE07-00000000F001}2816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039103Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.350{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-BD07-00000000F001}6548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039102Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.350{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-BD07-00000000F001}6548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039101Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.335{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-BB07-00000000F001}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039100Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.335{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-BB07-00000000F001}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039099Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.319{7BD73061-6F21-613B-BC07-00000000F001}50644808C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-BB07-00000000F001}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039098Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.303{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-BC07-00000000F001}5064C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039097Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.303{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-BB07-00000000F001}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039096Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.303{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-BB07-00000000F001}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039095Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.288{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B907-00000000F001}7028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039094Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.288{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B907-00000000F001}7028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039093Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.272{7BD73061-6F21-613B-BA07-00000000F001}49566124C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-B907-00000000F001}7028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039092Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.272{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D59B20771958418E1EB6E543C7F4001,SHA256=A1287ECCC122977FE712541F01D8E9C97A2E087BDE8CB11BC04A29FDA7B5E345,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039091Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.272{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-BA07-00000000F001}4956C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039090Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.256{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B907-00000000F001}7028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039089Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.256{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-B907-00000000F001}7028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039088Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.256{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B707-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039087Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.256{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B707-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039086Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.241{7BD73061-6F21-613B-B807-00000000F001}53002768C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-B707-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039085Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.225{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B807-00000000F001}5300C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039084Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.225{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B707-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039083Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.225{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-B707-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039082Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.210{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B507-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039081Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.210{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B507-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039080Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.210{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE069FF4B5FC5A8817AE7FAC8D26B8A3,SHA256=1C1CB8AB5DA6FD50AC3EDD40F90F1BEDA9CD210B6C7432710C44A48BB53BCE7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039079Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.194{7BD73061-6F21-613B-B607-00000000F001}6608476C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-B507-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039078Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.178{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B607-00000000F001}6608C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039077Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.178{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B507-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039076Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.178{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-B507-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039075Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.163{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B307-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039074Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.163{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B307-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039073Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.147{7BD73061-6F21-613B-B407-00000000F001}66564676C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-B307-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039072Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.147{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B407-00000000F001}6656C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039071Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.131{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B307-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039070Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.131{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-B307-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039069Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.131{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B107-00000000F001}1172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039068Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.131{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-B107-00000000F001}1172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039067Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.100{7BD73061-6F21-613B-B207-00000000F001}69685488C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-B107-00000000F001}1172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039066Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.100{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B207-00000000F001}6968C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039065Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.100{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B107-00000000F001}1172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039064Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.085{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-B107-00000000F001}1172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039063Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.085{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-AF07-00000000F001}6616c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039062Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.085{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-AF07-00000000F001}6616c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039061Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.069{7BD73061-6F21-613B-B007-00000000F001}46564028C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-AF07-00000000F001}6616c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039060Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.053{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-B007-00000000F001}4656C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039059Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.053{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-AF07-00000000F001}6616c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039058Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.053{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-AF07-00000000F001}6616c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039057Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.053{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-AD07-00000000F001}5436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039056Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.038{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-AD07-00000000F001}5436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039055Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.022{7BD73061-6F21-613B-AE07-00000000F001}63045424C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-AD07-00000000F001}5436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039054Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.022{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-AE07-00000000F001}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039053Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.006{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-AD07-00000000F001}5436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039052Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.006{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-AD07-00000000F001}5436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039051Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.006{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-AB07-00000000F001}1368c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039050Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.006{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F20-613B-AB07-00000000F001}1368c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000013771Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:44.506{625C326B-6882-613B-D200-00000000F101}3164C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-166.attackrange.local50108-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013770Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:46.457{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFC2B4F40E29F472640948377197FF59,SHA256=25B670FE25CA11D8257400330C6B3FE21BCC732CEA7F2D415EF5F8D9DD9A9EFF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039352Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.979{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0E08-00000000F001}6476C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039351Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.979{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0D08-00000000F001}6924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039350Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.979{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0D08-00000000F001}6924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039349Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.963{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0B08-00000000F001}1140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039348Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.963{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0B08-00000000F001}1140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039347Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.948{7BD73061-6F22-613B-0C08-00000000F001}55201016C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-0B08-00000000F001}1140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039346Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.948{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0C08-00000000F001}5520C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039345Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.948{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0B08-00000000F001}1140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039344Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.948{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0B08-00000000F001}1140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039343Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.932{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0908-00000000F001}6280c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039342Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.932{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0908-00000000F001}6280c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039341Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.916{7BD73061-6F22-613B-0A08-00000000F001}61482596C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-0908-00000000F001}6280c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039340Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.901{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0A08-00000000F001}6148C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039339Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.901{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0908-00000000F001}6280c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039338Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.901{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0908-00000000F001}6280c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039337Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.885{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0708-00000000F001}6512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039336Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.885{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0708-00000000F001}6512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039335Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.869{7BD73061-6F22-613B-0808-00000000F001}59125772C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-0708-00000000F001}6512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039334Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.869{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0808-00000000F001}5912C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039333Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.869{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0708-00000000F001}6512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039332Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.854{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0708-00000000F001}6512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039331Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.854{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0508-00000000F001}1660c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039330Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.854{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0508-00000000F001}1660c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039329Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.838{7BD73061-6F22-613B-0608-00000000F001}28926240C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-0508-00000000F001}1660c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039328Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.823{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0608-00000000F001}2892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039327Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.823{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0508-00000000F001}1660c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039326Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.823{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0508-00000000F001}1660c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039325Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.806{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0308-00000000F001}580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039324Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.806{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0308-00000000F001}580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039323Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.790{7BD73061-6F22-613B-0408-00000000F001}68606804C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-0308-00000000F001}580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039322Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.790{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0408-00000000F001}6860C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000039321Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.790{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBAD1B740933EF5E57724C3F922C3883,SHA256=CEB439B31AC6A131108402BBAE1777DFBEF4B1396BD0106F046C15B9595908F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039320Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.790{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0308-00000000F001}580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039319Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.775{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0308-00000000F001}580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039318Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.775{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0108-00000000F001}6292c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039317Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.775{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-0108-00000000F001}6292c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039316Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.759{7BD73061-6F22-613B-0208-00000000F001}63206772C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-0108-00000000F001}6292c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039315Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.743{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0208-00000000F001}6320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039314Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.743{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0108-00000000F001}6292c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039313Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.743{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-0108-00000000F001}6292c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039312Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.728{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-FF07-00000000F001}3944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039311Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.728{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-FF07-00000000F001}3944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039310Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.712{7BD73061-6F22-613B-0008-00000000F001}51846708C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-FF07-00000000F001}3944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039309Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.712{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-0008-00000000F001}5184C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039308Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.712{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-FF07-00000000F001}3944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039307Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.696{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-FF07-00000000F001}3944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039306Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.696{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-FD07-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039305Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.696{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-FD07-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039304Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.681{7BD73061-6F22-613B-FE07-00000000F001}38766952C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-FD07-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039303Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.665{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-FE07-00000000F001}3876C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039302Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.665{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-FD07-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039301Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.665{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-FD07-00000000F001}1304c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039300Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.650{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-FB07-00000000F001}6652c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039299Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.650{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-FB07-00000000F001}6652c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039298Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.634{7BD73061-6F22-613B-FC07-00000000F001}34806216C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-FB07-00000000F001}6652c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039297Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.634{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-FC07-00000000F001}3480C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039296Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.634{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-FB07-00000000F001}6652c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039295Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.634{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-FB07-00000000F001}6652c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039294Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.618{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F907-00000000F001}2408c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039293Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.618{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F907-00000000F001}2408c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039292Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.603{7BD73061-6F22-613B-FA07-00000000F001}66205504C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-F907-00000000F001}2408c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039291Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.587{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-FA07-00000000F001}6620C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039290Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.587{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F907-00000000F001}2408c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039289Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.587{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-F907-00000000F001}2408c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039288Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.571{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F707-00000000F001}7148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039287Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.571{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F707-00000000F001}7148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039286Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.556{7BD73061-6F22-613B-F807-00000000F001}67006472C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-F707-00000000F001}7148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039285Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.556{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F807-00000000F001}6700C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039284Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.556{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F707-00000000F001}7148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039283Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.556{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-F707-00000000F001}7148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039282Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.540{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F507-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039281Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.540{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F507-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039280Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.525{7BD73061-6F22-613B-F607-00000000F001}70284828C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-F507-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039279Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.509{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F607-00000000F001}7028C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039278Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.509{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F507-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039277Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.509{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-F507-00000000F001}496c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039276Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.493{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F307-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039275Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.493{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F307-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039274Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.478{7BD73061-6F22-613B-F407-00000000F001}53006732C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-F307-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039273Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.478{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F407-00000000F001}5300C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039272Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.478{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F307-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039271Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.478{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-F307-00000000F001}4960c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039270Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.462{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F107-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039269Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.462{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-F107-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039268Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.446{7BD73061-6F22-613B-F207-00000000F001}6608912C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-F107-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039267Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.443{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7BEC2A7C8A56310E7A665ED6D7A9901,SHA256=0D4FF21F3E916A97281A8D384F078189B347F687023EE58B1C38D3DBCAD9ADBB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039266Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.443{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F207-00000000F001}6608C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039265Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.426{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F107-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039264Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.426{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-F107-00000000F001}5396c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039263Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.426{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-EF07-00000000F001}1628c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039262Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.426{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-EF07-00000000F001}1628c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039261Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.395{7BD73061-6F22-613B-F007-00000000F001}46762992C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-EF07-00000000F001}1628c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039260Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.395{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-F007-00000000F001}4676C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039259Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.395{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-EF07-00000000F001}1628c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039258Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.395{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-EF07-00000000F001}1628c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039257Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.379{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-ED07-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039256Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.379{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-ED07-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039255Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.363{7BD73061-6F22-613B-EE07-00000000F001}11725516C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-ED07-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039254Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.348{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-EE07-00000000F001}1172C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039253Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.348{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-ED07-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039252Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.348{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-ED07-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039251Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.332{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-EB07-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039250Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.332{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-EB07-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039249Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.332{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CCFA1DCDC29EE81ACD5D27D039BDB24,SHA256=AA02BB252D6F04EC8F2E263CCB7EC1F819754A9B0D78477C70FD4F733A5BE8D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000039248Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.332{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB367121EF2BB1585D47C3C7526406FB,SHA256=9F68840AA5A00CD5C58B760FD8477C014FAF8F5A69F78205FFE82EE77377D99B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039247Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.317{7BD73061-6F22-613B-EC07-00000000F001}64444656C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-EB07-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039246Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.317{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-EC07-00000000F001}6444C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039245Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.317{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-EB07-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039244Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.301{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-EB07-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039243Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.301{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E907-00000000F001}6296c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039242Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.301{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E907-00000000F001}6296c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039241Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.285{7BD73061-6F22-613B-EA07-00000000F001}23805424C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-E907-00000000F001}6296c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039240Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.270{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-EA07-00000000F001}2380C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039239Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.270{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E907-00000000F001}6296c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039238Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.270{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-E907-00000000F001}6296c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039237Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.254{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E707-00000000F001}7008c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039236Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.254{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E707-00000000F001}7008c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039235Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.238{7BD73061-6F22-613B-E807-00000000F001}10126224C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-E707-00000000F001}7008c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039234Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.238{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E807-00000000F001}1012C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039233Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.238{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E707-00000000F001}7008c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039232Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.238{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-E707-00000000F001}7008c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039231Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.223{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E507-00000000F001}6336c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039230Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.223{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E507-00000000F001}6336c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039229Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.207{7BD73061-6F22-613B-E607-00000000F001}58246536C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-E507-00000000F001}6336c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039228Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.192{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E607-00000000F001}5824C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039227Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.192{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E507-00000000F001}6336c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039226Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.192{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-E507-00000000F001}6336c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039225Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.176{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E307-00000000F001}2240c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039224Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.176{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E307-00000000F001}2240c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039223Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.160{7BD73061-6F22-613B-E407-00000000F001}7000608C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-E307-00000000F001}2240c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039222Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.160{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E407-00000000F001}7000C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039221Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.160{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E307-00000000F001}2240c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039220Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.160{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-E307-00000000F001}2240c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039219Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.145{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E107-00000000F001}6580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039218Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.145{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-E107-00000000F001}6580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039217Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.129{7BD73061-6F22-613B-E207-00000000F001}44602244C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-E107-00000000F001}6580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039216Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.113{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E207-00000000F001}4460C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039215Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.113{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E107-00000000F001}6580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039214Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.113{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-E107-00000000F001}6580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000039213Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.113{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4E1558D92D17ECB34113924C2B261EB,SHA256=C9FE2EE77C461409ECDB005FBC8A8F3C088F5476650B3227119434455F4191C6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039212Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.098{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-DF07-00000000F001}4760c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039211Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.098{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-DF07-00000000F001}4760c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039210Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.082{7BD73061-6F22-613B-E007-00000000F001}52166332C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-DF07-00000000F001}4760c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039209Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.082{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-E007-00000000F001}5216C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039208Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.082{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-DF07-00000000F001}4760c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039207Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.082{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-DF07-00000000F001}4760c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039206Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.067{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-DD07-00000000F001}348c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039205Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.067{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F22-613B-DD07-00000000F001}348c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039204Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.051{7BD73061-6F22-613B-DE07-00000000F001}69127080C:\Windows\system32\conhost.exe{7BD73061-6F22-613B-DD07-00000000F001}348c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039203Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.035{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-DE07-00000000F001}6912C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039202Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.035{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-DD07-00000000F001}348c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039201Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.035{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F22-613B-DD07-00000000F001}348c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039200Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.020{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-DB07-00000000F001}6264c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039199Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.020{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F21-613B-DB07-00000000F001}6264c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039198Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.004{7BD73061-6F22-613B-DC07-00000000F001}5508224C:\Windows\system32\conhost.exe{7BD73061-6F21-613B-DB07-00000000F001}6264c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039197Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:46.004{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F22-613B-DC07-00000000F001}5508C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039196Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.988{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F21-613B-DB07-00000000F001}6264c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039195Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:45.988{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F21-613B-DB07-00000000F001}6264c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000013772Microsoft-Windows-Sysmon/Operationalwin-host-166.attackrange.local-2021-09-10 14:43:47.489{625C326B-6888-613B-DB00-00000000F101}104NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A96FA98DEA5166ED19D67B0AA02FEE41,SHA256=64FC20AC231F05F49B3B8F7A7100256388E851F6D5B67FCEFADD7AAB03F17A43,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039453Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.635{7BD73061-6F23-613B-2E08-00000000F001}9124948C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2D08-00000000F001}476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039452Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.635{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2E08-00000000F001}912C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039451Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.619{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2D08-00000000F001}476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039450Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.619{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2D08-00000000F001}476c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039449Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.619{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2B08-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039448Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.619{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2B08-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039447Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.604{7BD73061-6F23-613B-2C08-00000000F001}29924740C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2B08-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039446Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.588{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2C08-00000000F001}2992C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039445Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.588{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2B08-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039444Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.588{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2B08-00000000F001}4512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039443Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.573{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2908-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039442Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.573{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2908-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039441Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.557{7BD73061-6F23-613B-2A08-00000000F001}11726796C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2908-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039440Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.557{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2A08-00000000F001}1172C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039439Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.541{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2908-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039438Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.541{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2908-00000000F001}5172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039437Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.541{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2708-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039436Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.541{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2708-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039435Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.526{7BD73061-6F23-613B-2808-00000000F001}64445464C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2708-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039434Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.510{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2808-00000000F001}6444C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039433Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.510{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2708-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039432Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.510{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2708-00000000F001}6420c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039431Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.494{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2508-00000000F001}6632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039430Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.494{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2508-00000000F001}6632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039429Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.479{7BD73061-6F23-613B-2608-00000000F001}55324028C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2508-00000000F001}6632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039428Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.479{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2608-00000000F001}5532C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000039427Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.479{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3C111E8514854F7028150A594611540A,SHA256=230375270E5BDCF1F71973B3AF34E6830BD1D8460873985CFC18FDC87239E7AB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039426Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.463{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2508-00000000F001}6632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039425Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.463{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2508-00000000F001}6632c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039424Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.463{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2308-00000000F001}1380c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039423Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.463{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2308-00000000F001}1380c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039422Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.432{7BD73061-6F23-613B-2408-00000000F001}52405152C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2308-00000000F001}1380c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039421Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.432{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2408-00000000F001}5240C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039420Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.432{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2308-00000000F001}1380c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039419Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.432{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2308-00000000F001}1380c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039418Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.416{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2108-00000000F001}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039417Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.416{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-2108-00000000F001}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039416Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.401{7BD73061-6F23-613B-2208-00000000F001}69486556C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-2108-00000000F001}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039415Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.385{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2208-00000000F001}6948C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039414Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.385{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2108-00000000F001}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039413Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.385{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-2108-00000000F001}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039412Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.369{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1F08-00000000F001}6404c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039411Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.369{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1F08-00000000F001}6404c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000039410Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.369{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F74E8589C7E7D13A4A6D7869E36FF2AE,SHA256=97C7892A6D700F2A2C4B238BC33A980875834EC80D9DDDAD19B0A6412C0DD6E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000039409Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.369{7BD73061-665D-613B-E700-00000000F001}2764NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71621EED5749785F721E892B1FF1DCCE,SHA256=9C9EDF63892B95F282EA91556F5D62BD355AA5C8FAA5E84CE7E9341C86922E5E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000039408Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.354{7BD73061-6F23-613B-2008-00000000F001}6085640C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-1F08-00000000F001}6404c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039407Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.354{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-2008-00000000F001}608C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039406Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.338{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1F08-00000000F001}6404c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039405Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.338{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-1F08-00000000F001}6404c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039404Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.338{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1D08-00000000F001}6460c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039403Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.338{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1D08-00000000F001}6460c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039402Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.323{7BD73061-6F23-613B-1E08-00000000F001}65801940C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-1D08-00000000F001}6460c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039401Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.307{7BD73061-65AF-613B-0500-00000000F001}412428C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1E08-00000000F001}6580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039400Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.307{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1D08-00000000F001}6460c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039399Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.307{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-1D08-00000000F001}6460c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039398Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.291{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1B08-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039397Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.291{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1B08-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039396Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.276{7BD73061-6F23-613B-1C08-00000000F001}33444288C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-1B08-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039395Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.276{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1C08-00000000F001}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039394Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.260{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1B08-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039393Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.260{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-1B08-00000000F001}4520c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039392Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.260{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1908-00000000F001}5940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039391Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.260{7BD73061-65B0-613B-0B00-00000000F001}6202908C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1908-00000000F001}5940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039390Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.229{7BD73061-6F23-613B-1A08-00000000F001}3486692C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-1908-00000000F001}5940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039389Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.229{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1A08-00000000F001}348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039388Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.229{7BD73061-65AF-613B-0500-00000000F001}412672C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1908-00000000F001}5940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039387Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.229{7BD73061-6E8E-613B-1307-00000000F001}38364724c:\Windows\syswow64\MsiExec.exe{7BD73061-6F23-613B-1908-00000000F001}5940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIE238.tmp+4f2c(wow64)|C:\Windows\Installer\MSIE238.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a9703(wow64)|C:\Windows\System32\msi.dll+1800e6(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039386Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.213{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1708-00000000F001}2328c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039385Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.213{7BD73061-65B0-613B-0B00-00000000F001}620748C:\Windows\system32\lsass.exe{7BD73061-6F23-613B-1708-00000000F001}2328c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039384Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.198{7BD73061-6F23-613B-1808-00000000F001}62647056C:\Windows\system32\conhost.exe{7BD73061-6F23-613B-1708-00000000F001}2328c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000039383Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local-2021-09-10 14:43:47.182{7BD73061-65AF-613B-0500-00000000F001}412500C:\Windows\system32\csrss.exe{7BD73061-6F23-613B-1808-00000000F001}6264C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000039382Microsoft-Windows-Sysmon/Operationalwin-dc-387.attackrange.local