23542300x80000000000000001528975Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:51.681{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFCF587304154B466EA47B3779C35D9D,SHA256=7CD7B6C5C1987FE4192E38FB110D81195089806B14C444DBB8BE0DFD4EC4F843,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001528976Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:52.697{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C4A0F7ED3D1B9F43434183ECFA0254,SHA256=4546EFAA8A9D5B93F068A3C6CDDB7876563917B773876051D0E86C1887A17226,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000925860Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.324{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2697CCEA2E98A6904C04267DCE1A61A3,SHA256=C04827585E2FA4755A9550066641EA5B4F739743EB972EC83B70CFDC2B24F2D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000925859Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:46.800{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62097-false10.0.1.12-8000- 10341000x8000000000000000925858Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925857Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925856Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925855Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925854Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925853Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925852Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925851Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925850Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925849Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925848Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925847Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925846Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925845Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925844Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925843Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925842Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925841Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925840Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925839Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925838Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925837Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925836Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925835Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925834Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925833Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925832Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925831Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925830Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925829Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925828Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925827Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925826Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925825Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925824Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925823Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925822Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925821Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925820Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925819Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925818Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925817Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925816Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925815Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925814Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925813Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925812Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925811Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925810Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925809Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925808Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925807Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925806Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925805Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925804Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925803Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925802Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925801Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925800Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925799Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925798Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925797Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925796Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:52.205{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528977Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:53.712{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EEC00B8E3BDE9E0A65CE456D1361BC4,SHA256=C961631F11D8B7534DE1E2958A2BA870FE461DA8B7736860D32DBFA8870D7DC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000925924Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.457{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBE44884529F4284FD5826F1FDD7E449,SHA256=BF5005B7DCCBEA51883F97DC6AE2ED85C0A9DC9EC79845EC94A7C1A277370B1C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000925923Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925922Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925921Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925920Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925919Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925918Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925917Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925916Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925915Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925914Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925913Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925912Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925911Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925910Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925909Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925908Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925907Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925906Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925905Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925904Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925903Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925902Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925901Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925900Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925899Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925898Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925897Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925896Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925895Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925894Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925893Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925892Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925891Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925890Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925889Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925888Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.226{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925887Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.225{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925886Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.225{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925885Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925884Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925883Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925882Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925881Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925880Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925879Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925878Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.224{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925877Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925876Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925875Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925874Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925873Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925872Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925871Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925870Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.223{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925869Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925868Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925867Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925866Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925865Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.222{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925864Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925863Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925862Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925861Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:53.221{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528978Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:54.744{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=172B2A5798CFFA9F223763EF603482F3,SHA256=E0F6A637C564BD0B8D15E4B29E64C6831967625B860E8FC65357633AAE70A987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000925988Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.571{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4A54ED8FD179B99DA3C0CACAD241293,SHA256=7B5EB88822F658E98D7D136719E6BCA8968D2E252C256C4FC6201467FE3769A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000925987Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925986Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925985Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925984Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925983Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925982Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925981Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925980Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925979Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925978Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925977Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925976Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925975Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925974Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925973Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925972Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925971Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925970Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925969Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925968Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925967Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925966Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925965Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925964Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925963Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925962Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925961Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925960Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925959Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925958Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925957Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925956Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925955Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925954Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925953Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925952Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925951Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925950Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925949Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925948Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925947Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925946Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925945Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925944Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925943Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925942Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925941Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925940Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925939Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925938Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925937Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925936Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925935Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925934Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925933Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925932Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925931Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925930Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925929Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925928Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925927Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925926Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925925Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:54.241{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528980Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:55.759{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F34E643DE6FD3F83EA71597A7CAAC4C,SHA256=D7FED709AF5698AC6594DE7A2BF42CB5A565C33D3D69488848AF3091ED765179,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926052Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.702{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BED64A49892A2C68FAA3B1BAAF43C441,SHA256=E86038035C8103673AF622D2D98048C98A0AA36FC24987CB4FEE57BC180A17F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926051Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926050Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926049Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926048Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926047Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926046Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926045Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926044Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926043Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926042Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926041Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926040Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926039Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926038Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926037Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926036Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926035Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926034Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926033Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926032Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926031Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926030Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926029Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926028Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926027Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926026Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926025Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926024Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926023Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926022Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926021Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926020Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926019Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926018Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926017Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926016Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926015Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926014Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926013Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926012Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926011Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926010Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926009Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926008Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926007Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926006Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926005Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926004Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926003Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926002Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926001Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926000Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925999Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925998Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925997Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925996Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925995Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925994Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925993Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925992Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925991Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925990Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000925989Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:55.255{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001528979Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:51.845{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55508-false10.0.1.12-8000- 23542300x80000000000000001528981Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:56.775{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6F40F6639A12A400D362D20ED01D867,SHA256=9094D30D99E19E35740BC56DE67FBD5379DF215E519EFE60048DDCD722A8CAC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926116Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.319{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AABC63469137AC1091754EEDAB9B2618,SHA256=A763D5A4CE76F3CE463C2B50BA65150E3F5B1F7C7B08C5C2079BE1E880CE4A72,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926115Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926114Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926113Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926112Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926111Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926110Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926109Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926108Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926107Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926106Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926105Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926104Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926103Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926102Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926101Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926100Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926099Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926098Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926097Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926096Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926095Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926094Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926093Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926092Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926091Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926090Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926089Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926088Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926087Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926086Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926085Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926084Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926083Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926082Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926081Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926080Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926079Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926078Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926077Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926076Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926075Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926074Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926073Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926072Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926071Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926070Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926069Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926068Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926067Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926066Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926065Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926064Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926063Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926062Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926061Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926060Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926059Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926058Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926057Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926056Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926055Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926054Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926053Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:56.270{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528982Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:57.792{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20F5793B14AE13C9E07AD115D742F9E3,SHA256=52D35A7D8EF0192DBB08C7DD921E8251D31BC29C33DBCC5D3155459C11CBE2E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000926293Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:51.873{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62098-false10.0.1.12-8000- 23542300x8000000000000000926292Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.422{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55FC71FBA570444B1A6D167A9C211A7A,SHA256=BCABAB08FD0C43616521C1AF21818F300201FFA266207618A935BA6A0C2D5BB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926291Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926290Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926289Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926288Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926287Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926286Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926285Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926284Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926283Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926282Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926281Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926280Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926279Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926278Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926277Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926276Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926275Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926274Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926273Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926272Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926271Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926270Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926269Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926268Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926267Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926266Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926265Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926264Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926263Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926262Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926261Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926260Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926259Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926258Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926257Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926256Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926255Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926254Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926253Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926252Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926251Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926250Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926249Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926248Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926247Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926246Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926245Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926244Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926243Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926242Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926241Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926240Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926239Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926238Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926237Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926236Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926235Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926234Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926233Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926232Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926231Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926230Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926229Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926228Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926227Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926226Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926225Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926224Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926223Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926222Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926221Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926220Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926219Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926218Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926217Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926216Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926215Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926214Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926213Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926212Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926211Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926210Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926209Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926208Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926207Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926206Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926205Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926204Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926203Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926202Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926201Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926200Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926199Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926198Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926197Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926196Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926195Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926194Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926193Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926192Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926191Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926190Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926189Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926188Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926187Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926186Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926185Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926184Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926183Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926182Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926181Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926180Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.301{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926179Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926178Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926177Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926176Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926175Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926174Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926173Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926172Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926171Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926170Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926169Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926168Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926167Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926166Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926165Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926164Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926163Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926162Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926161Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926160Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926159Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926158Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926157Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926156Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926155Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926154Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926153Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926152Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926151Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926150Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926149Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926148Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926147Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926146Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926145Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926144Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926143Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926142Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926141Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926140Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926139Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926138Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926137Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926136Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926135Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926134Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926133Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926132Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926131Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926130Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926129Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926128Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926127Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926126Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926125Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926124Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926123Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926122Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926121Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926120Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926119Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926118Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926117Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.285{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528983Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:58.808{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938ADE675FA0C4ECEA72A2B6670A642A,SHA256=247328FC01767D94B7067108401EB6105EA03CE0A7D67F9C31A638D4B5A0C278,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926357Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.554{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57A45E859D6AD7709257BC2B1C35E562,SHA256=A0612D53BE66105AB92785F674C6756841EB5C39F38FD53AC285333C12549F8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926356Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926355Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926354Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926353Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926352Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926351Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926350Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926349Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926348Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926347Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926346Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926345Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926344Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926343Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926342Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926341Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926340Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926339Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926338Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926337Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926336Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926335Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926334Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926333Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926332Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926331Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926330Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926329Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926328Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926327Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926326Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926325Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926324Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926323Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926322Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926321Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926320Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.322{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926319Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926318Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926317Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926316Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926315Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926314Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926313Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926312Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.321{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926311Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926310Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926309Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926308Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926307Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926306Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926305Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926304Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926303Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.320{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926302Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926301Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926300Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926299Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.319{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926298Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926297Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926296Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926295Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926294Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:58.318{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001528985Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:56.971{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55509-false10.0.1.12-8000- 23542300x80000000000000001528984Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:47:59.823{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EC6A930A1FB697FF3843DC752DD8A76,SHA256=1E7B2B8938D45A01CB05C76A9225587FB62B70BAF8CEE78E42CA86159D03F5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926421Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.668{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D06BA0A439EAC71F97708EB105CC01A,SHA256=5833A18C9BF8D49F553CD75075BCD53293B318974F11B7EA125CCA76BA381ABB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926420Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926419Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926418Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926417Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926416Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926415Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926414Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926413Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926412Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926411Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926410Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926409Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926408Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926407Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926406Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926405Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926404Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926403Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926402Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926401Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926400Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926399Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926398Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926397Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926396Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926395Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926394Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926393Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926392Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926391Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926390Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926389Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926388Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926387Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926386Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926385Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926384Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926383Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926382Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926381Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926380Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926379Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926378Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926377Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926376Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926375Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926374Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926373Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926372Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926371Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926370Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926369Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926368Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926367Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926366Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926365Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926364Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926363Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926362Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926361Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926360Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926359Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926358Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:59.337{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528986Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:00.855{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12FB6FF35F6EE2310536EF30B4366AD9,SHA256=629528748C195E2CE4DB655B9DD6F018285B0B0DCFD40E99EECE3DDABF144B16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926485Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.798{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0324D6374BB81D970862E2F1E6A498C,SHA256=579B159520509FCD41C867FED34F2D0E185DB4B2C11716BCA3D0BF7D88C4D3A4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926484Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926483Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926482Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926481Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926480Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926479Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926478Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926477Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926476Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926475Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926474Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926473Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926472Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926471Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926470Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926469Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926468Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926467Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926466Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926465Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926464Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926463Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926462Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926461Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926460Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926459Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926458Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926457Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926456Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926455Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926454Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926453Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926452Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926451Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926450Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926449Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926448Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926447Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926446Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926445Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926444Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926443Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926442Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926441Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926440Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926439Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926438Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926437Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926436Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926435Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926434Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926433Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926432Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926431Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926430Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926429Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926428Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926427Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926426Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926425Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926424Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926423Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926422Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:00.351{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528988Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:01.870{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90EB6908F6A15D88C659847F8BF40A24,SHA256=2B7FC9B9F2F1ED60F5D35B2051ACB6A78EEB959CD3C28275FB2BACEEF69C5121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000926549Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.934{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB8EBF906788249AECD3F1146BCE21DB,SHA256=4E06ADA83CEDB6B84FBB3C8E5EAA74F0DB3CCEA18D82F5B4EFA742A0CD7001DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001528987Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:01.605{3EC130A3-53AA-6102-2100-00000000E901}2032NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=FC968C1B0999BC4B65156467EA599674,SHA256=9DBAA1F2F783216101A44D7C7FB9BEAE68C52243072DF33B19BF4C5D6ABCBC1F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926548Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926547Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926546Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926545Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926544Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926543Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926542Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926541Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926540Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926539Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926538Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926537Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926536Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926535Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926534Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926533Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926532Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926531Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926530Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926529Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926528Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926527Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926526Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926525Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926524Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926523Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926522Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926521Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926520Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926519Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926518Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926517Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926516Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926515Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926514Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926513Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926512Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926511Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926510Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926509Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926508Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926507Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926506Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926505Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926504Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926503Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926502Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926501Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926500Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926499Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926498Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926497Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926496Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926495Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926494Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926493Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926492Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926491Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926490Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926489Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926488Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926487Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926486Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.366{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528989Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:02.902{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DD4C204E300C87C56F99760EDBAB261,SHA256=4B7B63BAB98520FCF288D2651612202FDA921C5C33D779B13C792B9A6912E881,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926612Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926611Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926610Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926609Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926608Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926607Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926606Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926605Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926604Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926603Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926602Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926601Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926600Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926599Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926598Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926597Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926596Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926595Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926594Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926593Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926592Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926591Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926590Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926589Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926588Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926587Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926586Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926585Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926584Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926583Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926582Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926581Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926580Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926579Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926578Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926577Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926576Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926575Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926574Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926573Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926572Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926571Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926570Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926569Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926568Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926567Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926566Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926565Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926564Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926563Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926562Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926561Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926560Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926559Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926558Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926557Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926556Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926555Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926554Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926553Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926552Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926551Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926550Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.380{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528991Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:03.933{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5B501DF23C8E65A961EDD23C6846C5D,SHA256=8DB7862EA0A3C6086CA7783B9BE623DFAFE8877BB2E5AF6F49E0C98C23F5234B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926677Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926676Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926675Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926674Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926673Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926672Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926671Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926670Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926669Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926668Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926667Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926666Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926665Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926664Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926663Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926662Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926661Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926660Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926659Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926658Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926657Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926656Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926655Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926654Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926653Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926652Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926651Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926650Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926649Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926648Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926647Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926646Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926645Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926644Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926643Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926642Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926641Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926640Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926639Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926638Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926637Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926636Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926635Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926634Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926633Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926632Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926631Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926630Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926629Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926628Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926627Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926626Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926625Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926624Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926623Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926622Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926621Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926620Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926619Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926618Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926617Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926616Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926615Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.395{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000926614Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:47:57.805{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62099-false10.0.1.12-8000- 23542300x8000000000000000926613Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:03.033{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE6085C9ECC98FCA32412AAE559A62B1,SHA256=2C36B835AD618A77DC6220B4D8D0D26201826238C42508691CEAFCF0BCE17F30,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001528990Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:00.315{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55510-false10.0.1.12-8089- 23542300x80000000000000001528992Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:04.948{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FECC9773632D8A7BE304A1C2A9E5004,SHA256=DB0ED0B85493B4DF3958E01C30AB98743421EF8D6E96A529343B252EDE5B318C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926741Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926740Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926739Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926738Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926737Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926736Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926735Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926734Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926733Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926732Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926731Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926730Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926729Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926728Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926727Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926726Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926725Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926724Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926723Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926722Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926721Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926720Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926719Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926718Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926717Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926716Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926715Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926714Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926713Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926712Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926711Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926710Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926709Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926708Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926707Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.415{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926706Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.414{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926705Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.414{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926704Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.414{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926703Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926702Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926701Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926700Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926699Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926698Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926697Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926696Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.413{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926695Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926694Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926693Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926692Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926691Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926690Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926689Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926688Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.412{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926687Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.411{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926686Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.411{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926685Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.411{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926684Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.411{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926683Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.411{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926682Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.410{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926681Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.410{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926680Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.410{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926679Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.410{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000926678Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:04.147{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72365D1F9B7EDE25338B9CBFCB219317,SHA256=83CC9DBC796711EB929F5CCEF48FC0F7228E639C7372405BD9DB69ADC288537A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001528993Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:05.980{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=233DA9274326019790144EB17C6A7318,SHA256=AADE69349DB482BD18222E3B6C090E55E0263EFD701A08C7B8A07865951963FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926805Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926804Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926803Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926802Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926801Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926800Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926799Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926798Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926797Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926796Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926795Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926794Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926793Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926792Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926791Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926790Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926789Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926788Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926787Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926786Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926785Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926784Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926783Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926782Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926781Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926780Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926779Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926778Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926777Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926776Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926775Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926774Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926773Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926772Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926771Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926770Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926769Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926768Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926767Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926766Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926765Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926764Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926763Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926762Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926761Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926760Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926759Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926758Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926757Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926756Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926755Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926754Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926753Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926752Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926751Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926750Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926749Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926748Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926747Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926746Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926745Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926744Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926743Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.429{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000926742Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:05.261{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E61C753DB8F373D236D9E8B63C3E43E5,SHA256=ECC97B53AB0FCEAC5A732016CCA4E8C58DFCEACC41DCE56D46C031726848C1ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001528995Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:06.980{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54470CCF7631FED9ABACF5571BE5908E,SHA256=B3BDB00D669146EC73221573C074D54903B66260B866BF289C6D1812883DE821,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000926870Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:01.922{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse1.116.153.82-55747-false10.0.1.14win-dc-888.attackrange.local3389ms-wbt-server 10341000x8000000000000000926869Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926868Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926867Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926866Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926865Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926864Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926863Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926862Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926861Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926860Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926859Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926858Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926857Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926856Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926855Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926854Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926853Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926852Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926851Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926850Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926849Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926848Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926847Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926846Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926845Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926844Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926843Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926842Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926841Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926840Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926839Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926838Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926837Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926836Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926835Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926834Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926833Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926832Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926831Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926830Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926829Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926828Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926827Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926826Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926825Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926824Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926823Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926822Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926821Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926820Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926819Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926818Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926817Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926816Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926815Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926814Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926813Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926812Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926811Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926810Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926809Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926808Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926807Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.444{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000926806Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:06.391{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06FC1482801FAE7164F6D29C41495562,SHA256=29B7263B12F3F4660FB3B302325C4F7C64D450099F997308B70595E2AF3C2C58,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001528994Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:02.862{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55511-false10.0.1.12-8000- 23542300x80000000000000001528996Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:07.995{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55F41637733E030D79C04E014E8FCFCE,SHA256=1945D67AED8CEAA63930143F531467FD4DC8CCB004ADCAA2E55E166650AF3963,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000927050Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.627{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hxb52wrv.default-release\SiteSecurityServiceState.txt2021-07-29 15:48:03.686 23542300x8000000000000000927049Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.627{014657FA-CC84-6102-DA0E-00000000E801}5036ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hxb52wrv.default-release\SiteSecurityServiceState.txtMD5=244BBE2324AA26AAD0B38AF99A239624,SHA256=7B396E8E50E790B7936FEFF119DC96FA28E32C7B89F2D0F0356461F1F7EEB395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927048Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.543{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0B3B0F2B450B5F3533696A53E1E2E19,SHA256=8C79D7B369D6DB7E45773582C693F86840C1A5797F6A57C98D9097B77BF64C27,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000927047Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:02.865{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62100-false10.0.1.12-8000- 10341000x8000000000000000927046Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927045Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927044Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927043Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927042Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927041Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927040Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927039Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927038Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927037Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927036Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927035Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927034Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927033Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927032Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927031Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927030Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927029Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927028Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927027Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927026Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927025Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927024Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927023Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927022Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927021Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927020Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927019Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927018Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927017Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927016Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927015Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927014Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927013Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927012Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927011Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927010Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927009Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927008Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927007Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927006Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927005Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927004Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927003Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927002Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927001Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927000Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926999Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926998Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000926997Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD68384B208A70CFFAEFF09E3F62C331,SHA256=11802D84B5E9A8F050DC75E2062CE9155D8E74B3076DF8218B1AA43EE8D75346,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000926996Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926995Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926994Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926993Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926992Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926991Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926990Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926989Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926988Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926987Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926986Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926985Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926984Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926983Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926982Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926981Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926980Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926979Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926978Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926977Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926976Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926975Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926974Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926973Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.490{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926972Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926971Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926970Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926969Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926968Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926967Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926966Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926965Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926964Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926963Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926962Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926961Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926960Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926959Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926958Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926957Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926956Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926955Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926954Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926953Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926952Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926951Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926950Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926949Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926948Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926947Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926946Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926945Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926944Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926943Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926942Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926941Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926940Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926939Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926938Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926937Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926936Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926935Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926934Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926933Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926932Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926931Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926930Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926929Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926928Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926927Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926926Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926925Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926924Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926923Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926922Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926921Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926920Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926919Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926918Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926917Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926916Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926915Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926914Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926913Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926912Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926911Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926910Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926909Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926908Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926907Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926906Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926905Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926904Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926903Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926902Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926901Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926900Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926899Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926898Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926897Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926896Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926895Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926894Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926893Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926892Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926891Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926890Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926889Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926888Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926887Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926886Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926885Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926884Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926883Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926882Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926881Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926880Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926879Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926878Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926877Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926876Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926875Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926874Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926873Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926872Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000926871Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.474{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927114Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927113Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927112Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927111Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927110Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927109Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927108Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927107Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927106Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927105Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927104Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927103Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927102Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927101Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927100Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927099Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927098Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927097Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927096Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927095Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927094Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927093Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927092Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927091Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927090Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927089Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927088Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927087Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927086Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927085Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927084Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927083Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927082Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927081Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927080Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.511{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927079Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.510{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927078Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.510{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927077Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.510{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927076Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.510{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927075Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.510{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927074Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.510{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927073Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927072Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927071Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927070Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927069Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927068Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927067Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927066Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927065Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.509{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927064Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.508{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927063Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.508{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927062Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.508{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927061Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.508{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927060Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.508{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927059Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.508{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927058Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.507{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927057Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.507{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927056Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.507{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927055Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.507{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927054Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.507{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927053Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.506{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927052Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.506{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927051Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:08.489{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD303620992D1EE8B44636DA180A8B7B,SHA256=27FB7F55F0D22F0931FA819F8AC7C07B4F0C921F9D2859A53FF8028AFCED21C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927178Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.788{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D35EFFE541D66BB0B50B3912A7FDA25,SHA256=A13717A74BAAC82DA4B7FD4A5B155349CC35989A502802830A94F6E1253A411F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927177Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927176Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927175Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927174Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927173Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927172Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927171Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927170Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927169Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927168Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927167Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927166Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927165Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927164Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927163Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927162Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927161Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927160Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927159Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927158Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927157Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927156Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927155Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927154Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927153Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927152Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927151Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927150Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927149Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927148Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927147Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927146Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927145Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927144Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927143Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927142Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927141Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927140Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927139Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927138Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927137Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927136Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927135Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927134Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927133Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927132Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927131Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927130Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927129Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927128Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927127Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927126Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927125Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927124Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927123Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927122Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927121Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927120Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927119Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927118Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927117Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927116Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927115Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.526{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528997Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:09.011{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57CBE8297BA796576EE28148165DEC9D,SHA256=4CD2E9512EF5DF9217881E30546F3EDF7B4677DD976AB8F236ABC48B0C77ABD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927243Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.925{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBE2136FC67A459706421A20EA63FF3B,SHA256=5A0EF0D651D499327AA88A48DB8F3B53F6D98A743C885F01D2208AD8986AD866,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927242Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927241Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927240Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927239Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927238Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927237Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927236Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927235Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927234Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927233Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927232Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927231Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927230Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927229Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927228Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927227Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927226Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927225Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927224Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927223Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927222Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927221Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927220Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927219Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927218Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927217Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927216Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927215Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927214Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927213Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927212Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927211Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927210Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927209Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927208Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927207Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927206Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927205Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927204Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927203Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927202Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927201Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927200Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927199Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927198Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927197Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927196Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927195Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927194Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927193Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927192Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927191Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927190Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927189Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927188Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927187Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927186Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927185Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927184Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927183Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927182Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927181Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927180Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.541{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001528998Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:10.027{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28DAEC026ED21FC2D8297518C67B298E,SHA256=D83CE5120DDBDC5EA51C717CD0147F2286FC9F4D0831851B40C0D62940EB3386,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927179Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:10.472{014657FA-53B9-6102-2400-00000000E801}2740NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=FC968C1B0999BC4B65156467EA599674,SHA256=9DBAA1F2F783216101A44D7C7FB9BEAE68C52243072DF33B19BF4C5D6ABCBC1F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927306Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927305Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927304Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927303Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927302Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927301Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927300Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927299Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927298Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927297Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927296Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927295Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927294Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927293Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927292Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927291Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927290Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927289Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927288Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927287Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927286Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927285Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927284Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927283Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927282Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927281Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927280Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927279Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927278Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927277Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927276Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927275Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927274Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927273Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927272Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927271Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927270Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927269Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927268Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927267Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927266Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927265Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927264Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927263Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927262Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927261Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927260Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927259Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927258Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927257Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927256Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927255Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927254Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927253Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927252Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927251Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927250Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927249Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927248Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927247Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927246Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927245Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927244Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:11.556{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001529000Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:08.800{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55512-false10.0.1.12-8000- 23542300x80000000000000001528999Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:11.058{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F33F7A7D9CF798223809DE82C653C09D,SHA256=BBC4B6C296CF142C5842D9FA57709AEDD09C4EF475C93575567A6D911312E83B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000927374Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.961{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62102-false10.0.1.12-8000- 354300x8000000000000000927373Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:07.211{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62101-false10.0.1.12-8089- 23542300x8000000000000000927372Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.670{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=835D55E82EF220599EC035C3F20132B2,SHA256=67AF411CDD2EB1FA5C36BCB071312EC64BA6B3CA76DEE5B10A4F2C7428A2A0E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927371Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.639{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA3808F4449555E2E1D977C2CC099C2D,SHA256=FA3C5DB4F806566A8FA36BEC2FE90DE5120F30B72AF5BBEAA3479595FA6B3D30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529001Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:12.073{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FFB2137F63CEC30FE09724072F2BD67,SHA256=A65FAAF8695E10A1AA540E980DA0510D6F36B59F83E86F84C1692FDE1D97A2F0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927370Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927369Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927368Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927367Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927366Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927365Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927364Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927363Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927362Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927361Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927360Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927359Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927358Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927357Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927356Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927355Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927354Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927353Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927352Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927351Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927350Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927349Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927348Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927347Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927346Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927345Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927344Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927343Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927342Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927341Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927340Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927339Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927338Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927337Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927336Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927335Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927334Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927333Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927332Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927331Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927330Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927329Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927328Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927327Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927326Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927325Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927324Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927323Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927322Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927321Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927320Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927319Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927318Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927317Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927316Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927315Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927314Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927313Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927312Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927311Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927310Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927309Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927308Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.570{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927307Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:12.039{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2EB038A117F26921E65144EFF17DDA9,SHA256=CCE4A0FCEE712D86B91C012A8CC18DAA789750BEEBB10A4E6B1B3FCC6B054FA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927439Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.807{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5E92D4B66213E6CB3597577FAF31E01,SHA256=D5453B53281E0AAA25B01CB595E6FA27455C6752FAD7A5F68F81E0BA3ECD2CFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927438Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.805{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=405FD8E8FB465CDFA492056A5D00D042,SHA256=A704FC2627BBB9FF3AD4FF2B896F2503C7DB858EA1100E4B65F6BF92073E4E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529002Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:13.105{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5D56BFDF6BC4423879CD37AD261992B,SHA256=BA0ABE79DE16D494843B3EF5C002927CCEBB78F65A9CC6756522C20C6781C8B4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927437Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927436Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927435Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927434Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927433Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927432Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927431Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927430Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927429Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927428Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927427Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927426Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927425Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927424Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927423Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927422Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927421Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927420Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927419Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927418Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927417Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927416Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927415Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927414Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927413Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927412Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927411Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927410Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927409Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927408Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927407Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927406Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927405Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927404Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927403Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927402Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927401Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927400Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927399Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927398Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927397Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927396Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927395Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927394Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927393Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927392Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927391Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927390Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927389Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927388Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927387Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927386Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927385Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927384Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927383Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927382Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927381Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927380Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927379Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927378Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927377Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927376Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927375Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.586{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927507Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.953{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B708B4AD61564722F308389FEBEC691D,SHA256=B84016BFFA00D685FC269A3AF799D6508918B8B40E2F4CB87CE93884B46C9755,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927506Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.953{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3DE5E52A9086552E0DEBC5ACEB1E1EC,SHA256=7872E1EC798431B5D0EC5C712FD8E16918FB1844B1CEFDA1289222A5145D09F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529003Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:14.120{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E93640A16E162BE642A73B22BCB8B69C,SHA256=D1862E744374832EE67C62F37FD383B5B3212ADFC06330786CAF8EBB3DBBA03E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000927505Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.509{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-888.attackrange.local62103-true0:0:0:0:0:0:0:1win-dc-888.attackrange.local389ldap 354300x8000000000000000927504Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.509{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-888.attackrange.local62103-true0:0:0:0:0:0:0:1win-dc-888.attackrange.local389ldap 354300x8000000000000000927503Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:09.456{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse120.226.5.83-54395-false10.0.1.14win-dc-888.attackrange.local3389ms-wbt-server 10341000x8000000000000000927502Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927501Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927500Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927499Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927498Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927497Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927496Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927495Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927494Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927493Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927492Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927491Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927490Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927489Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927488Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927487Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927486Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927485Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927484Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927483Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927482Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927481Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927480Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927479Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927478Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927477Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927476Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927475Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927474Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927473Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927472Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927471Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927470Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927469Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927468Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.606{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927467Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.605{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927466Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.605{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927465Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.605{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927464Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.605{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927463Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.605{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927462Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927461Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927460Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927459Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927458Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927457Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927456Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927455Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927454Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.604{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927453Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927452Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927451Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927450Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927449Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927448Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927447Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.603{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927446Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.602{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927445Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.602{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927444Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.602{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927443Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.602{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927442Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.602{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927441Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.602{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927440Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:14.601{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001529004Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:15.152{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8C54F3B1920D8242283E5A8FCBC618A,SHA256=300C8FBF9BCCFF3E81C756BA5DCD1D04EC5044F340BA859AF69137F722DD79AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927570Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927569Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927568Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927567Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927566Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927565Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927564Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927563Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927562Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927561Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927560Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927559Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927558Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927557Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927556Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927555Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927554Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927553Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927552Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927551Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927550Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927549Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927548Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927547Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927546Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927545Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927544Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927543Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927542Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927541Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927540Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927539Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927538Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927537Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927536Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927535Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927534Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927533Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927532Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927531Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927530Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927529Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927528Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927527Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927526Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927525Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927524Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927523Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927522Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927521Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927520Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927519Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927518Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927517Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927516Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927515Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927514Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927513Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927512Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927511Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927510Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927509Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927508Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.622{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001529006Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:13.940{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55513-false10.0.1.12-8000- 23542300x80000000000000001529005Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:16.167{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=851BF1F99F8A4A7E6C545E3C63BFCD20,SHA256=5D6C29215A4D670B110FB5285E335F269620B3B0902C1FA75E18D72BC79B5F19,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927634Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927633Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927632Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927631Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927630Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927629Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927628Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927627Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927626Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927625Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927624Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927623Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927622Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927621Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927620Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927619Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927618Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927617Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927616Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927615Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927614Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927613Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927612Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927611Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927610Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927609Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927608Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927607Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927606Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927605Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927604Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927603Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927602Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927601Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927600Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927599Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927598Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927597Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927596Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927595Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927594Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927593Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927592Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927591Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927590Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927589Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927588Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927587Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927586Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927585Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927584Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927583Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927582Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927581Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927580Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927579Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927578Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927577Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927576Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927575Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927574Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927573Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927572Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.636{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927571Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:16.102{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B33805E50F704BC817896F0C6426D231,SHA256=F3ACC93806A2DB76B57A64CC7F1217600098C07BB8FB6C5F464703E7F447A73A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927811Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.835{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F528CFEBD405EBFD9ACC3A9682BA414,SHA256=C0FD2E4811CC286BE2D0F528DB8E958D36CD664AFC9B58972D9ACB2DDF0CB026,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927810Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927809Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927808Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927807Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927806Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927805Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927804Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927803Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927802Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927801Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927800Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927799Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927798Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927797Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001529007Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:17.183{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D5DD478C8D2B24F581562103DDF66D3,SHA256=40BB5EB9E713F50973FB49D9B2FAA9FB563CEC695FD3C7E72FA236E7AA0CC9C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000927796Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927795Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927794Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927793Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927792Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927791Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927790Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927789Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927788Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927787Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927786Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927785Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927784Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927783Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927782Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927781Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927780Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927779Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927778Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927777Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927776Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927775Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927774Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927773Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927772Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927771Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927770Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927769Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927768Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927767Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927766Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.666{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927765Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927764Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927763Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927762Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927761Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927760Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927759Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927758Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927757Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927756Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927755Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927754Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927753Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927752Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927751Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927750Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927749Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927748Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927747Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927746Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927745Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927744Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927743Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927742Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927741Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927740Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927739Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927738Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927737Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927736Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927735Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927734Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927733Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927732Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927731Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927730Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927729Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927728Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927727Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927726Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927725Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927724Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927723Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927722Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927721Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927720Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927719Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927718Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927717Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927716Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927715Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927714Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927713Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927712Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927711Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927710Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927709Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927708Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927707Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927706Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927705Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927704Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927703Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927702Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927701Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927700Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927699Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927698Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927697Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927696Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927695Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927694Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927693Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927692Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927691Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927690Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927689Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927688Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927687Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927686Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927685Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927684Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927683Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927682Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927681Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927680Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927679Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927678Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927677Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927676Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927675Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927674Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927673Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927672Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927671Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927670Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927669Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927668Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927667Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927666Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927665Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927664Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927663Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927662Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927661Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927660Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927659Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927658Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927657Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927656Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927655Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927654Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927653Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927652Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927651Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927650Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927649Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927648Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927647Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927646Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927645Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927644Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927643Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927642Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927641Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927640Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927639Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927638Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927637Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927636Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.651{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927635Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:17.235{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=631B4C5F3ED7B4F6AA6D40CF15532B36,SHA256=6606C8DA3EA4B810D4D5B7D64718EAAAE68A62759ED4D7B17A2988BA0D9EB822,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000927876Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:13.852{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62104-false10.0.1.12-8000- 10341000x8000000000000000927875Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927874Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927873Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927872Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927871Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927870Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927869Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927868Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927867Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927866Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927865Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927864Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927863Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927862Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927861Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927860Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927859Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927858Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927857Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927856Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927855Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927854Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927853Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927852Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927851Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927850Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927849Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927848Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927847Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927846Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927845Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927844Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927843Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927842Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927841Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927840Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927839Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927838Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927837Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927836Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927835Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927834Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927833Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927832Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927831Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927830Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927829Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927828Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927827Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927826Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927825Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927824Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927823Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927822Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927821Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927820Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927819Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927818Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927817Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927816Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927815Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927814Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927813Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.680{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927812Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.250{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD6512EAEC3173DFB08EA6F52FD252B1,SHA256=4644F203229C60513323FA9D60754157583378E7C80112F2772C3D94DAF5EEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529008Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:18.245{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=250B0E66C8A1552D31F339C0798BE59C,SHA256=3728255AA8588A45D3B996764877BEC7B7EE017CD825B2C522543B97A4FAA687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529009Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:19.261{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=334EC7A2D952A1B0B6CCF354D9040BAB,SHA256=8E7FD4C182B208D77BC940EE8251C9448C3C4198B5E34DF8009C1E8EBA342453,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000927941Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:15.103{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.41.82-38316-false10.0.1.14win-dc-888.attackrange.local3389ms-wbt-server 10341000x8000000000000000927940Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927939Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927938Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927937Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927936Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927935Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927934Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927933Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927932Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927931Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927930Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927929Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927928Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927927Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927926Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927925Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927924Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927923Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927922Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927921Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927920Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927919Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927918Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927917Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927916Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927915Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927914Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927913Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927912Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927911Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927910Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927909Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927908Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927907Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927906Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.701{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927905Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.700{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927904Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.700{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927903Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.700{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927902Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.700{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927901Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.700{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927900Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927899Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927898Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927897Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927896Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927895Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927894Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927893Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927892Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.699{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927891Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927890Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927889Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927888Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927887Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927886Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927885Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927884Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.698{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927883Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.697{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927882Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.697{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927881Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.697{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927880Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.697{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927879Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.697{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927878Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.696{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927877Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:19.548{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11E5F3AD1189DE14AF27600258879BF8,SHA256=20FE694C5F704C49218129EA6924B507FD9DE38E512095EEBF15F2310A233891,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928008Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928007Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928006Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928005Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928004Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928003Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928002Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928001Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928000Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927999Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927998Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927997Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927996Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927995Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927994Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927993Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927992Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927991Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927990Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927989Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927988Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927987Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927986Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927985Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927984Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927983Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927982Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927981Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927980Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927979Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927978Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927977Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927976Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927975Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927974Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927973Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927972Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927971Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927970Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927969Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927968Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927967Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927966Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927965Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927964Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927963Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927962Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927961Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927960Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927959Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927958Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927957Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927956Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927955Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927954Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927953Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927952Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927951Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927950Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927949Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927948Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927947Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000927946Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.716{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000927945Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.679{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=192E4129B92A3946DA531DD9333459E6,SHA256=BCFB95E2E3147345C99DB2C3FDBAE50B66E58DA629B38D687E4F1B260A83CDA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927944Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.679{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22345378CF7A4CB0897F9B2991509A4F,SHA256=9B79939C8657AF5C9720A39929691EC05FB98346FC2B2AC8530861F1B96BBF8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529010Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:20.292{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5E74B5B45994999BE0C52B82D5E5141,SHA256=B1DD50838BCE573BD7905D18CBB477E3F017A6BAFEF7B84F2431C4C233E357B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927943Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.164{014657FA-CC84-6102-DA0E-00000000E801}5036ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hxb52wrv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000927942Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:20.164{014657FA-CC84-6102-DA0E-00000000E801}5036ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hxb52wrv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=1CBF171B47C385EC14A112F3C4F2E3DF,SHA256=7DEA018E0D07B25E28973DEFE4C512DBEA2603618F0012DABEC72A58362D0BB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000928072Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.830{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F97699019A08244530F4F148E1EC424E,SHA256=D2CEAB990161DFAEFB90A0C388A363E57E30C16DB4D30B6D8D4C61643083E928,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928071Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928070Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928069Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928068Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928067Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928066Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928065Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928064Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928063Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928062Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928061Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928060Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928059Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928058Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928057Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928056Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928055Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928054Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928053Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928052Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928051Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928050Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928049Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928048Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928047Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928046Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928045Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928044Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928043Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928042Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928041Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928040Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928039Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928038Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928037Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928036Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928035Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928034Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928033Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928032Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928031Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928030Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928029Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928028Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928027Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928026Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928025Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928024Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928023Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928022Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928021Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928020Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928019Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928018Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928017Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928016Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928015Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928014Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928013Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928012Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928011Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928010Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928009Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:21.731{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001529011Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:21.308{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81603249FA7AA5F8437F703AC583ED61,SHA256=31138177DE2443EF0CE8A9B9FBBBF36520A2E7CE5CC1D9E6019D4AE8EB4CAAE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000928136Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.945{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4D363210801DB42466D1AC8FF6C713D,SHA256=FCF59B0B9FE2A378D6DE852D47C63B64AE7576385462DA162C3C0EA84D08AF1E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928135Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928134Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928133Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928132Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928131Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928130Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928129Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928128Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928127Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928126Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928125Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928124Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928123Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928122Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928121Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928120Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928119Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928118Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928117Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928116Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928115Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928114Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928113Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928112Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928111Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928110Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928109Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928108Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928107Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928106Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928105Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928104Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928103Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928102Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928101Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928100Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928099Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928098Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928097Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928096Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928095Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928094Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928093Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928092Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928091Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928090Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928089Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928088Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928087Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928086Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928085Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928084Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928083Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928082Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928081Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928080Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928079Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928078Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928077Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928076Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928075Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928074Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928073Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:22.745{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529021Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.777{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-0326-6104-CC33-00000000E901}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529020Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.761{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529019Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.761{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529018Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.761{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529017Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.761{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529016Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.761{3EC130A3-53A9-6102-0500-00000000E901}412428C:\Windows\system32\csrss.exe{3EC130A3-0326-6104-CC33-00000000E901}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529015Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.761{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-0326-6104-CC33-00000000E901}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529014Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.762{3EC130A3-0326-6104-CC33-00000000E901}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001529013Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:19.877{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55514-false10.0.1.12-8000- 23542300x80000000000000001529012Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:22.323{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F4B88BDB6DBAA473989DDBEC9F1C98C,SHA256=76926AC1022A0A0B5A88728A5CFA7B27191BC53124719E92465BB1212886A43C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928199Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928198Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928197Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928196Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928195Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928194Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928193Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928192Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928191Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928190Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928189Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928188Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928187Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928186Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928185Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928184Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928183Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928182Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928181Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928180Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928179Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928178Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928177Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928176Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928175Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928174Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928173Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928172Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928171Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928170Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928169Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928168Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928167Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928166Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928165Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928164Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928163Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928162Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928161Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928160Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928159Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928158Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928157Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928156Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928155Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928154Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928153Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928152Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928151Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928150Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928149Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928148Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928147Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928146Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928145Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928144Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928143Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928142Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928141Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928140Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928139Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928138Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928137Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:23.760{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001529022Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:23.355{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=200B81D9776BDFC2FBBF6AECFC1CAD86,SHA256=33571A9FB4476AFEE7E318FF540E66C8D945EA4344CD8F22EFBEFF442B6B8715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529023Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:24.370{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BE8BB220016057BAB8A58F4AE39DF8C,SHA256=8898D8E598D024364030C7AB28D588511E43BEDA0162C31AAAE880F95C608408,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928264Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928263Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928262Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928261Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928260Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928259Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928258Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928257Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928256Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928255Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928254Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928253Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928252Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928251Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928250Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928249Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928248Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928247Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928246Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928245Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928244Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928243Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928242Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928241Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928240Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928239Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928238Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928237Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928236Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928235Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928234Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928233Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928232Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928231Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928230Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928229Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928228Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928227Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928226Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928225Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928224Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928223Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928222Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928221Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928220Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928219Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928218Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928217Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928216Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928215Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928214Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928213Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928212Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928211Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928210Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928209Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928208Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928207Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928206Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928205Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928204Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928203Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928202Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.775{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928201Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.075{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1337C556964D09F81455FFDAF1ED2B6,SHA256=B7D0F831053A9FD2F91AA1892748EA4AED9ADF5644F126187DD510171BC611A1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000928200Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:18.947{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62105-false10.0.1.12-8000- 23542300x80000000000000001529024Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:25.386{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCFD87C94D14585FFA49D380194675D7,SHA256=0B2D308DF6AD58F345DA60FAD7E55A1A1E1A75A3C7F240806C9F1B8FEA67E2F8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928328Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928327Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928326Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928325Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928324Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928323Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928322Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928321Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928320Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928319Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928318Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928317Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928316Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928315Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928314Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928313Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928312Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928311Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928310Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928309Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928308Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928307Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928306Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928305Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928304Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928303Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928302Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928301Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928300Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928299Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928298Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928297Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928296Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.795{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928295Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.794{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928294Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.794{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928293Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928292Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928291Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928290Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928289Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928288Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928287Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.793{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928286Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928285Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928284Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928283Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928282Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928281Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928280Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928279Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928278Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928277Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.792{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928276Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.791{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928275Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.791{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928274Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.791{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928273Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.791{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928272Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.791{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928271Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.790{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928270Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.790{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928269Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.790{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928268Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.790{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928267Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.790{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928266Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.790{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928265Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:25.211{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3D06D01AD45C18E3A75F5638FE5D0A2,SHA256=EDD1235B1D322F6B730CADF9C8D3CC48BE37B9A91FA0A10EEC55EA028A0B5301,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529025Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:26.402{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD19194284C0B8274D4B25AED665496A,SHA256=ED6A9914BCDFC528F34EF4D70BF8456F0836FDC5EA9D98239773CE6527A38231,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000928430Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.990{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AE7048A627E42BEDB45D0D3C9C1107B,SHA256=60A9AAE06FF883CFE4F0B874B676FCB2D8A036EE9227A3E30CF1FF6ADBB34A68,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928429Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928428Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928427Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928426Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928425Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928424Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928423Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928422Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928421Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928420Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928419Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928418Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928417Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928416Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928415Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928414Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928413Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928412Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928411Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928410Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928409Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928408Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928407Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928406Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928405Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928404Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928403Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928402Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928401Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928400Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928399Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928398Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928397Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928396Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928395Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928394Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928393Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928392Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928391Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928390Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928389Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928388Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928387Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928386Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928385Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928384Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928383Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928382Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928381Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928380Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928379Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928378Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928377Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928376Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928375Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928374Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928373Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928372Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928371Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928370Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928369Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928368Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928367Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.809{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928366Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928365Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928364Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928363Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928362Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928361Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928360Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928359Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928358Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928357Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928356Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928355Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928354Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928353Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928352Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928351Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928350Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928349Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928348Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928347Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928346Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928345Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928344Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928343Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928342Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928341Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928340Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928339Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928338Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928337Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928336Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928335Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928334Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928333Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928332Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928331Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928330Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.556{014657FA-53AB-6102-0D00-00000000E801}892912C:\Windows\system32\svchost.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928329Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:26.341{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74047439C9DE1394A71C43DD88DB5255,SHA256=5F2234F0924F0834A30964DFC426783F9C5637F048A472EA1364E65BD5D359E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000928607Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.944{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2E07689557D02446F907070B93D436C,SHA256=42CAAAED65633A7B2D128E1E8E685BFB47154541407EF81B3F6A737F7AEC6C98,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928606Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928605Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928604Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928603Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928602Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928601Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928600Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928599Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928598Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928597Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928596Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928595Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928594Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928593Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001529027Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:24.987{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55515-false10.0.1.12-8000- 23542300x80000000000000001529026Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.417{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BB33A5BDC9F8F32AD2ADA3692B76186,SHA256=77404BFA957DA6F454B8EBDDFDD13BC8BF446C7F74357CF1ABB165F2024F3A2D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928592Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928591Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928590Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928589Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928588Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928587Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928586Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928585Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928584Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928583Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928582Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928581Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928580Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928579Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928578Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928577Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928576Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928575Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928574Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928573Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928572Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928571Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928570Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928569Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928568Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928567Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928566Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928565Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928564Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928563Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928562Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928561Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928560Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928559Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.828{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928558Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928557Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928556Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928555Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928554Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928553Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928552Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928551Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928550Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928549Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928548Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928547Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928546Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928545Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928544Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928543Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928542Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928541Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928540Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928539Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928538Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928537Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928536Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928535Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928534Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928533Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928532Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928531Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928530Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928529Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928528Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928527Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928526Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928525Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928524Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928523Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928522Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928521Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928520Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928519Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928518Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928517Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928516Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928515Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928514Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928513Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928512Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928511Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928510Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928509Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928508Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928507Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928506Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928505Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928504Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928503Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928502Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928501Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928500Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928499Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928498Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928497Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928496Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928495Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928494Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928493Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928492Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928491Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928490Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928489Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928488Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928487Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928486Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928485Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928484Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928483Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928482Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928481Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928480Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928479Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928478Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928477Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928476Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928475Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928474Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928473Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928472Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928471Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928470Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928469Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928468Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928467Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928466Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928465Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928464Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928463Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928462Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928461Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928460Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7916d|C:\Users\Administrator\Downloads\procexp64.exe+a8f2e|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928459Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928458Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928457Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928456Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928455Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928454Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928453Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928452Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928451Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928450Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928449Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928448Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928447Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928446Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928445Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928444Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928443Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928442Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928441Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928440Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928439Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928438Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928437Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928436Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928435Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928434Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928433Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928432Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.812{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928431Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:27.592{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E594EA0D9A152CA8C1C276E1999D00F2,SHA256=8F42124510DC904A004B8F3790AFFECA925429419C3231F8B8151158722BC2C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001529046Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.825{3EC130A3-032C-6104-CE33-00000000E901}4504696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529045Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-032C-6104-CE33-00000000E901}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529044Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529043Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529042Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529041Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529040Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53A9-6102-0500-00000000E901}412528C:\Windows\system32\csrss.exe{3EC130A3-032C-6104-CE33-00000000E901}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529039Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.667{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-032C-6104-CE33-00000000E901}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529038Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.669{3EC130A3-032C-6104-CE33-00000000E901}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001529037Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.433{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DC2BCE99FBAB56F5BFA778698A4F4E4,SHA256=356D5062DD2C5B1D37D5A066B307E230C547A5619B518BE53B85B8C1949492DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928671Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928670Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928669Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928668Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928667Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928666Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928665Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928664Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928663Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928662Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928661Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928660Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928659Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928658Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928657Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928656Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928655Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928654Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928653Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928652Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928651Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928650Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928649Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928648Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928647Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928646Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928645Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928644Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928643Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928642Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928641Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928640Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928639Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928638Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928637Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928636Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928635Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928634Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928633Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928632Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928631Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928630Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928629Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928628Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928627Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928626Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928625Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928624Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928623Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928622Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928621Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928620Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928619Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928618Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928617Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928616Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928615Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928614Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928613Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928612Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928611Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928610Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928609Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.843{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928608Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:28.627{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4DF70DA4F0E99C1BE122825D13A9AA6,SHA256=7DB4F53B352B2A2A7DAF393D2178A4251281277C75C701143564C6883B22A014,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001529036Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:28.152{3EC130A3-032B-6104-CD33-00000000E901}1616960C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529035Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-032B-6104-CD33-00000000E901}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529034Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529033Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529032Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529031Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529030Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53A9-6102-0500-00000000E901}4121060C:\Windows\system32\csrss.exe{3EC130A3-032B-6104-CD33-00000000E901}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529029Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.995{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-032B-6104-CD33-00000000E901}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529028Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:27.996{3EC130A3-032B-6104-CD33-00000000E901}1616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000928735Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928734Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928733Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928732Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928731Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928730Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928729Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928728Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928727Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928726Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928725Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928724Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928723Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928722Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928721Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928720Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928719Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928718Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928717Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928716Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928715Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928714Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928713Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928712Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928711Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928710Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928709Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928708Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928707Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928706Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928705Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928704Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928703Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928702Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928701Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928700Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928699Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928698Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928697Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928696Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928695Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928694Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928693Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928692Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928691Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928690Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928689Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928688Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928687Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928686Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928685Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928684Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928683Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928682Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928681Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928680Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928679Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928678Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928677Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928676Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928675Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928674Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928673Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.857{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928672Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:29.691{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84844ACA9DCAD36F7EA8B113FDFA68C2,SHA256=D0E6F3FCDE70D78BD637D98155063ECD8D43A8591C7F0F1D232FDD0958A808D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001529064Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-032D-6104-D033-00000000E901}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529063Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529062Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529061Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529060Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529059Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53A9-6102-0500-00000000E901}4121060C:\Windows\system32\csrss.exe{3EC130A3-032D-6104-D033-00000000E901}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529058Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.917{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-032D-6104-D033-00000000E901}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529057Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.919{3EC130A3-032D-6104-D033-00000000E901}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001529056Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.527{3EC130A3-032D-6104-CF33-00000000E901}9644616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001529055Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.448{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F53DB8DF4FE7C3E7E41C6256FC00FA,SHA256=D42A582F5CE726A3C0055141FE821005724904EA5ADF0A23EFA03789AD26CF62,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001529054Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-032D-6104-CF33-00000000E901}964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529053Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529052Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529051Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529050Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529049Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53A9-6102-0500-00000000E901}4121060C:\Windows\system32\csrss.exe{3EC130A3-032D-6104-CF33-00000000E901}964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529048Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.339{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-032D-6104-CF33-00000000E901}964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529047Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:29.340{3EC130A3-032D-6104-CF33-00000000E901}964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000928799Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928798Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928797Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928796Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928795Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928794Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928793Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928792Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928791Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928790Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928789Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928788Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928787Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928786Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928785Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928784Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928783Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928782Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928781Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928780Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928779Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928778Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928777Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928776Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928775Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928774Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928773Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928772Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928771Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928770Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928769Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928768Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928767Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928766Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928765Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928764Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928763Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928762Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928761Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928760Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928759Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928758Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928757Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928756Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928755Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928754Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928753Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928752Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928751Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928750Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928749Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928748Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928747Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928746Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928745Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928744Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928743Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928742Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928741Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928740Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928739Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928738Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928737Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.871{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928736Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:30.824{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AE41015168FE3DE39522E36E2DBC1C9,SHA256=8A5ECC55FBAE1A4ACC35F0345EAE032FD73E9C694A3F27CA6C97DE0A03C9EF9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001529074Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.450{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0895C48B84F84119E7130D0524E89259,SHA256=A844CDD6096D7E91D853BE9ED0D12A24016E3A4528E4A2D7A493C0C8B8EE47E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001529073Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-032E-6104-D133-00000000E901}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529072Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529071Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529070Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529069Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529068Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53A9-6102-0500-00000000E901}4121060C:\Windows\system32\csrss.exe{3EC130A3-032E-6104-D133-00000000E901}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529067Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.417{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-032E-6104-D133-00000000E901}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529066Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.418{3EC130A3-032E-6104-D133-00000000E901}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001529065Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.136{3EC130A3-032D-6104-D033-00000000E901}9404304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000928864Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.940{014657FA-53CA-6102-7200-00000000E801}3996NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77C131B5F1608F40451489DE3CD83EF3,SHA256=C8E4E14EE5FD49C7CB5F9EC6ABDD8CDE57541D787EE61A07F330BF681AFDA6CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928863Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928862Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928861Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928860Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928859Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928858Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928857Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928856Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928855Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928854Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928853Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928852Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928851Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928850Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928849Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928848Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928847Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928846Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928845Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928844Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928843Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928842Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928841Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928840Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928839Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928838Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928837Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928836Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928835Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928834Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928833Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928832Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928831Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928830Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928829Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.893{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928828Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.892{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928827Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928826Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928825Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928824Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928823Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928822Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928821Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.891{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928820Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928819Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928818Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928817Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928816Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928815Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928814Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928813Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928812Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928811Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.890{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928810Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.889{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928809Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.889{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928808Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.889{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928807Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.889{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928806Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.888{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928805Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.888{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928804Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.888{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928803Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.888{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928802Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.888{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928801Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:31.888{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001529083Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.480{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C180886875A16AA05B52F75914B21F9,SHA256=C155637782B514DB7D182869B8B0271787FAF4D928BA32DBFD31520C2ADBB587,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000928800Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:24.782{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-888.attackrange.local62106-false10.0.1.12-8000- 10341000x80000000000000001529082Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53AB-6102-2B00-00000000E901}28522872C:\Windows\system32\conhost.exe{3EC130A3-032F-6104-D233-00000000E901}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529081Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529080Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529079Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529078Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53A9-6102-0C00-00000000E901}7242332C:\Windows\system32\svchost.exe{3EC130A3-53AA-6102-1F00-00000000E901}1960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001529077Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53A9-6102-0500-00000000E901}412528C:\Windows\system32\csrss.exe{3EC130A3-032F-6104-D233-00000000E901}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001529076Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.089{3EC130A3-53AA-6102-2100-00000000E901}20323668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3EC130A3-032F-6104-D233-00000000E901}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001529075Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:31.090{3EC130A3-032F-6104-D233-00000000E901}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3EC130A3-53A9-6102-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3EC130A3-53AA-6102-2100-00000000E901}2032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001529084Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:32.495{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=434DD99246FE406071940FB4B33561BC,SHA256=C5E03C0830443D366A2999F50468833F635588189A945EC90B20FF3C8DD2AE2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928927Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928926Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928925Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928924Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928923Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928922Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928921Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928920Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928919Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928918Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928917Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928916Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928915Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928914Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928913Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928912Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928911Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928910Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928909Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928908Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928907Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928906Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928905Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928904Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928903Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928902Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53C3-6102-6900-00000000E801}3772C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928901Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3D00-00000000E801}3344C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928900Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3900-00000000E801}3276C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928899Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53BA-6102-3300-00000000E801}3160C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928898Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2F00-00000000E801}1892C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928897Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2D00-00000000E801}2204C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928896Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2C00-00000000E801}2988C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928895Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2A00-00000000E801}2928C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928894Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2B00-00000000E801}2936C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928893Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2900-00000000E801}2908C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928892Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2800-00000000E801}2888C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928891Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2700-00000000E801}2796C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928890Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2600-00000000E801}2788C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928889Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2500-00000000E801}2780C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928888Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2400-00000000E801}2740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928887Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B9-6102-2200-00000000E801}2656C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928886Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53B5-6102-2000-00000000E801}2508C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928885Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1F00-00000000E801}2100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928884Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1700-00000000E801}1384C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928883Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1600-00000000E801}1272C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928882Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1500-00000000E801}1224C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928881Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1400-00000000E801}1068C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928880Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1300-00000000E801}856C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928879Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1200-00000000E801}388C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928878Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1100-00000000E801}416C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928877Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-1000-00000000E801}436C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928876Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0F00-00000000E801}104C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928875Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AC-6102-0E00-00000000E801}996C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928874Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0D00-00000000E801}892C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928873Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AB-6102-0C00-00000000E801}836C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928872Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0B00-00000000E801}628C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928871Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0A00-00000000E801}620C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928870Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0900-00000000E801}568C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928869Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0800-00000000E801}492C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928868Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0700-00000000E801}484C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928867Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53AA-6102-0500-00000000E801}412C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928866Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0200-00000000E801}320C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928865Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:32.907{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53A7-6102-0100-00000000E801}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001529086Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:30.908{3EC130A3-53B5-6102-6200-00000000E901}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-107.eu-central-1.compute.internal55516-false10.0.1.12-8000- 23542300x80000000000000001529085Microsoft-Windows-Sysmon/Operationalwin-host-107-2021-07-30 13:48:33.542{3EC130A3-53BC-6102-6B00-00000000E901}4040NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=028B81955B3BBF4660D9E4C1C78A5372,SHA256=252F1B995CB16F72FBE552C516CDC249510A11FF37CFB7A7EE004EDB46588701,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000928996Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D433-00000000E801}2236C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928995Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-01C0-6104-D333-00000000E801}6964C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928994Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-FEBA-6103-5933-00000000E801}6560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928993Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F9A1-6103-BF32-00000000E801}7116C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928992Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F836-6103-8832-00000000E801}360C:\Temp\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928991Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F046-6103-7531-00000000E801}5604C:\Python39\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928990Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6831-00000000E801}3812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928989Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-F00F-6103-6731-00000000E801}5116C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928988Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC93-6102-E10E-00000000E801}6140C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928987Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC88-6102-DF0E-00000000E801}5888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928986Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DE0E-00000000E801}5132C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928985Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DD0E-00000000E801}3500C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928984Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC87-6102-DC0E-00000000E801}4480C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928983Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC86-6102-DB0E-00000000E801}3796C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928982Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC84-6102-DA0E-00000000E801}5036C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928981Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BF0E-00000000E801}4288C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928980Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC13-6102-BE0E-00000000E801}2372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928979Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC12-6102-BD0E-00000000E801}3596C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928978Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B50E-00000000E801}4440C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928977Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC11-6102-B20E-00000000E801}5040C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928976Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AF0E-00000000E801}4528C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928975Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC10-6102-AD0E-00000000E801}1128C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928974Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-CC0F-6102-AC0E-00000000E801}1572C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d54|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a7f48|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928973Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-5433-6102-8000-00000000E801}3576C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000928972Microsoft-Windows-Sysmon/Operationalwin-dc-888.attackrange.local-2021-07-30 13:48:33.909{014657FA-F3C7-6103-E331-00000000E801}47001876C:\Users\Administrator\Downloads\procexp64.exe{014657FA-53CA-6102-7200-00000000E801}3996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a7eea|C:\Users\Administrator\Downloads\procexp64.exe+836e5|C:\Users\Administrator\Downloads\procexp64.exe+c764c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000