23542300x80000000000000001528975Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:51.681{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFCF587304154B466EA47B3779C35D9D,SHA256=7CD7B6C5C1987FE4192E38FB110D81195089806B14C444DBB8BE0DFD4EC4F843,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001528976Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:52.697{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C4A0F7ED3D1B9F43434183ECFA0254,SHA256=4546EFAA8A9D5B93F068A3C6CDDB7876563917B773876051D0E86C1887A17226,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000925860Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.324{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2697CCEA2E98A6904C04267DCE1A61A3,SHA256=C04827585E2FA4755A9550066641EA5B4F739743EB972EC83B70CFDC2B24F2D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000925859Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:46.800{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62097-false10.0.1.12-8000- 10341000x8000000000000000925858Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925857Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925856Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925855Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925854Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925853Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925852Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925851Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925850Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925849Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925848Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925847Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925846Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925845Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925844Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925843Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925842Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925841Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925840Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925839Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925838Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925837Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925836Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925835Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925834Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925833Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925832Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925831Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925830Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925829Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925828Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925827Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925826Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925825Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925824Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925823Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925822Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925821Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925820Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925819Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925818Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925817Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925816Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925815Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925814Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925813Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925812Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925811Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925810Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925809Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925808Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925807Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925806Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925805Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925804Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925803Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925802Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925801Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925800Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925799Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925798Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925797Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925796Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528977Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:53.712{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EEC00B8E3BDE9E0A65CE456D1361BC4,SHA256=C961631F11D8B7534DE1E2958A2BA870FE461DA8B7736860D32DBFA8870D7DC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000925924Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.457{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBE44884529F4284FD5826F1FDD7E449,SHA256=BF5005B7DCCBEA51883F97DC6AE2ED85C0A9DC9EC79845EC94A7C1A277370B1C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000925923Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925922Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925921Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925920Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925919Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925918Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925917Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925916Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925915Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925914Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925913Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925912Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925911Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925910Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925909Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925908Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925907Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925906Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925905Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925904Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925903Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925902Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925901Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925900Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925899Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925898Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925897Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925896Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925895Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925894Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925893Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925892Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925891Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925890Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925889Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925888Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925887Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.225{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925886Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.225{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925885Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925884Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925883Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925882Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925881Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925880Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925879Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925878Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925877Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925876Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925875Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925874Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925873Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925872Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925871Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925870Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925869Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925868Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925867Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925866Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925865Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925864Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925863Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925862Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925861Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528978Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:54.744{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=172B2A5798CFFA9F223763EF603482F3,SHA256=E0F6A637C564BD0B8D15E4B29E64C6831967625B860E8FC65357633AAE70A987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000925988Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.571{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4A54ED8FD179B99DA3C0CACAD241293,SHA256=7B5EB88822F658E98D7D136719E6BCA8968D2E252C256C4FC6201467FE3769A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000925987Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925986Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925985Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925984Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925983Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925982Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925981Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925980Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925979Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925978Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925977Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925976Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925975Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925974Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925973Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925972Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925971Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925970Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925969Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925968Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925967Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925966Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925965Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925964Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925963Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925962Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925961Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925960Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925959Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925958Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925957Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925956Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925955Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925954Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925953Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925952Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925951Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925950Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925949Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925948Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925947Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925946Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925945Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925944Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925943Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925942Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925941Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925940Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925939Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925938Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925937Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925936Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925935Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925934Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925933Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925932Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925931Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925930Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925929Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925928Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925927Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925926Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925925Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528980Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:55.759{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F34E643DE6FD3F83EA71597A7CAAC4C,SHA256=D7FED709AF5698AC6594DE7A2BF42CB5A565C33D3D69488848AF3091ED765179,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926052Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.702{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BED64A49892A2C68FAA3B1BAAF43C441,SHA256=E86038035C8103673AF622D2D98048C98A0AA36FC24987CB4FEE57BC180A17F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926051Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926050Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926049Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926048Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926047Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926046Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926045Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926044Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926043Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926042Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926041Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926040Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926039Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926038Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926037Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926036Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926035Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926034Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926033Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926032Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926031Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926030Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926029Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926028Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926027Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926026Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926025Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926024Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926023Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926022Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926021Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926020Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926019Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926018Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926017Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926016Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926015Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926014Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926013Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926012Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926011Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926010Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926009Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926008Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926007Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926006Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926005Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926004Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926003Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926002Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926001Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926000Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925999Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925998Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925997Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925996Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925995Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925994Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925993Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925992Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925991Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925990Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925989Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001528979Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:51.845{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55508-false10.0.1.12-8000- 23542300x80000000000000001528981Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:56.775{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6F40F6639A12A400D362D20ED01D867,SHA256=9094D30D99E19E35740BC56DE67FBD5379DF215E519EFE60048DDCD722A8CAC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926116Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.319{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AABC63469137AC1091754EEDAB9B2618,SHA256=A763D5A4CE76F3CE463C2B50BA65150E3F5B1F7C7B08C5C2079BE1E880CE4A72,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926115Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926114Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926113Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926112Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926111Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926110Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926109Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926108Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926107Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926106Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926105Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926104Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926103Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926102Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926101Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926100Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926099Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926098Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926097Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926096Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926095Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926094Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926093Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926092Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926091Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926090Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926089Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926088Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926087Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926086Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926085Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926084Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926083Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926082Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926081Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926080Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926079Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926078Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926077Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926076Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926075Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926074Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926073Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926072Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926071Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926070Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926069Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926068Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926067Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926066Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926065Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926064Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926063Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926062Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926061Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926060Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926059Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926058Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926057Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926056Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926055Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926054Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926053Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528982Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:57.792{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20F5793B14AE13C9E07AD115D742F9E3,SHA256=52D35A7D8EF0192DBB08C7DD921E8251D31BC29C33DBCC5D3155459C11CBE2E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000926293Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:51.873{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62098-false10.0.1.12-8000- 23542300x8000000000000000926292Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.422{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55FC71FBA570444B1A6D167A9C211A7A,SHA256=BCABAB08FD0C43616521C1AF21818F300201FFA266207618A935BA6A0C2D5BB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926291Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926290Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926289Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926288Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926287Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926286Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926285Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926284Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926283Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926282Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926281Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926280Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926279Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926278Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926277Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926276Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926275Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926274Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926273Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926272Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926271Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926270Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926269Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926268Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926267Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926266Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926265Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926264Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926263Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926262Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926261Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926260Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926259Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926258Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926257Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926256Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926255Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926254Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926253Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926252Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926251Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926250Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926249Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926248Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926247Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926246Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926245Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926244Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926243Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926242Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926241Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926240Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926239Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926238Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926237Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926236Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926235Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926234Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926233Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926232Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926231Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926230Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926229Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926228Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926227Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926226Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926225Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926224Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926223Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926222Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926221Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926220Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926219Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926218Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926217Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926216Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926215Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926214Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926213Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926212Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926211Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926210Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926209Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926208Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926207Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926206Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926205Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926204Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926203Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926202Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926201Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926200Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926199Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926198Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926197Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926196Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926195Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926194Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926193Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926192Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926191Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926190Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926189Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926188Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926187Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926186Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926185Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926184Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926183Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926182Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926181Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926180Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926179Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926178Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926177Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926176Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926175Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926174Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926173Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926172Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926171Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926170Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926169Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926168Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926167Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926166Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926165Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926164Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926163Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926162Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926161Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926160Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926159Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926158Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926157Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926156Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926155Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926154Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926153Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926152Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926151Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926150Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926149Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926148Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926147Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926146Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926145Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926144Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926143Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926142Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926141Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926140Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926139Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926138Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926137Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926136Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926135Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926134Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926133Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926132Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926131Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926130Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926129Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926128Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926127Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926126Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926125Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926124Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926123Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926122Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926121Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926120Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926119Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926118Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926117Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528983Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:58.808{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938ADE675FA0C4ECEA72A2B6670A642A,SHA256=247328FC01767D94B7067108401EB6105EA03CE0A7D67F9C31A638D4B5A0C278,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926357Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.554{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57A45E859D6AD7709257BC2B1C35E562,SHA256=A0612D53BE66105AB92785F674C6756841EB5C39F38FD53AC285333C12549F8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926356Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926355Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926354Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926353Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926352Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926351Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926350Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926349Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926348Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926347Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926346Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926345Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926344Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926343Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926342Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926341Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926340Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926339Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926338Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926337Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926336Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926335Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926334Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926333Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926332Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926331Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926330Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926329Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926328Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926327Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926326Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926325Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926324Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926323Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926322Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926321Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926320Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926319Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926318Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926317Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926316Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926315Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926314Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926313Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926312Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926311Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926310Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926309Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926308Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926307Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926306Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926305Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926304Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926303Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926302Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926301Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926300Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926299Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926298Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926297Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926296Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926295Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926294Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001528985Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:56.971{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55509-false10.0.1.12-8000- 23542300x80000000000000001528984Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:59.823{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EC6A930A1FB697FF3843DC752DD8A76,SHA256=1E7B2B8938D45A01CB05C76A9225587FB62B70BAF8CEE78E42CA86159D03F5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926421Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.668{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D06BA0A439EAC71F97708EB105CC01A,SHA256=5833A18C9BF8D49F553CD75075BCD53293B318974F11B7EA125CCA76BA381ABB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926420Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926419Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926418Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926417Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926416Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926415Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926414Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926413Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926412Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926411Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926410Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926409Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926408Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926407Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926406Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926405Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926404Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926403Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926402Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926401Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926400Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926399Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926398Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926397Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926396Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926395Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926394Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926393Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926392Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926391Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926390Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926389Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926388Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926387Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926386Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926385Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926384Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926383Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926382Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926381Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926380Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926379Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926378Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926377Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926376Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926375Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926374Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926373Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926372Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926371Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926370Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926369Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926368Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926367Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926366Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926365Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926364Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926363Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926362Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926361Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926360Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926359Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926358Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528986Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:00.855{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12FB6FF35F6EE2310536EF30B4366AD9,SHA256=629528748C195E2CE4DB655B9DD6F018285B0B0DCFD40E99EECE3DDABF144B16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926485Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.798{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0324D6374BB81D970862E2F1E6A498C,SHA256=579B159520509FCD41C867FED34F2D0E185DB4B2C11716BCA3D0BF7D88C4D3A4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926484Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926483Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926482Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926481Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926480Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926479Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926478Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 103410